b'   FEDERAL DEPOSIT INSURANCE CORPORATION\n\n\n\n\n                April 1, 2008 \xe2\x80\x93 September 30, 2008\n\n\n                            Office of\n                            Inspector General\n\n                            Semiannual Report\n                            to the\n                            Congress\nIncluding the Office of\nInspector General\xe2\x80\x99s\nPerformance Report for\nFiscal Year 2008\n\x0cThe Federal Deposit Insurance Corporation (FDIC) is an independent\nagency created by the Congress to maintain stability and confidence in\nthe nation\xe2\x80\x99s banking system by insuring deposits, examining and super-\nvising financial institutions, and managing receiverships. Approximately\n4,800 individuals within seven specialized operating divisions and other\noffices carry out the FDIC mission throughout the country. According to\nmost current FDIC data, the FDIC insured $4.54 trillion in deposits for\n8,384 institutions, of which the FDIC supervised 5,134. The Corporation\nheld insurance funds of $34.6 billion to ensure depositors are safeguarded.\n\x0c                                         Inspector General\n                                         Statement\n\n\n\n\nT\nThe Federal Deposit Insurance            companies and individual inves-      mortgage lenders, the securitiza-\nCorporation (FDIC) proudly               tors; and the federal government     tion industry, servicers, consumer\ncelebrated its 75th anniversary on       has taken control of two firms       groups, other regulators, and\nJune 16, 2008. For three quarters of     involved in the secondary mort-      the Congress on steps to reduce\na century, the FDIC has protected        gage markets and another insur-      unnecessary foreclosures through\ninsured depositors and brought           ance and financial services giant.   such measures as implementing\nstability to the banking system.         Around the globe, confidence in      the Hope for Homeowners Act\nAmidst the current turmoil in the        financial systems has been shaken.   and proposing loan modifica-\nnation\xe2\x80\x99s economy and the resulting       The Secretary of the Treasury        tions for troubled borrowers.\nliquidity crisis, the FDIC has           proposed a plan to address the       Recent events have correspond-\npersevered in its mission, risen to      financial unrest, and the Congress   ingly touched many facets of\nmeet new challenges, and helped          passed landmark legislation          the Office of Inspector General\xe2\x80\x99s\nmaintain the public\xe2\x80\x99s confidence         that the President signed as the     (OIG) operations. To illustrate,\nduring these extraordinary times.        Emergency Economic Stabilization     we took a number of proactive\nThe events of the past 6 months          Act of 2008 on October 3, 2008.      steps to prepare for the statutorily\n                are unprecedented.       While the vast majority of FDIC-     mandated reviews that we must\n                During May two           regulated institutions remain safe   conduct when an FDIC-regulated\n                institutions failed,     and sound, all of these events       institution fails and the Deposit\n                and in July came         have had a profound impact           Insurance Fund incurs a material\n                the largest failure in   on the FDIC mission, opera-          loss, defined as a loss exceeding\n                recent years\xe2\x80\x94that        tions, and workforce. The FDIC       the greater of $25 million or 2\n                of IndyMac Bank,         has met its deposit insurance        percent of the failed institution\xe2\x80\x99s\n                F.S.B., in Pasadena      responsibilities; continued its      assets at closing. Our office led the\n                California, causing      supervision and examination of       other financial regulatory OIGs in\n                an $8.9 billion loss     banks; carried out its resolution    formulating a standard approach\n                to the Deposit           and receivership workload; and       to conducting these reviews,\n                Insurance Fund. Ten      participated in several actions      developed a training program\nadditional failures occurred after       by the Congress, the Treasury        to ensure needed OIG expertise\nIndyMac, bringing the total in 2008      Department, and other federal        for material loss review work,\nas of the end of October to 17.          regulators designed to restore       and loaned FDIC OIG staff to the\nHome foreclosures have steadily          confidence in insured financial      Department of the Treasury OIG\nincreased; credit markets have           institutions. These have included    to assist in that office\xe2\x80\x99s material\ntightened; weakened financial            temporarily increasing deposit       loss review of IndyMac Bank.\nfirms have merged with stronger          insurance coverage and providing     Now more than ever, the OIG\nrivals; troubled banks have been         guarantees to new, senior unse-      must remain responsive to the\nabsorbed by other already huge           cured debt issued by banks,          volatile environment, and our\ncompetitors; losses in the stock         thrifts, or holding companies.       guiding principle will be flex-\nmarket have taken a toll on              The FDIC has also worked with        ibility. This flexibility will manifest\n                                                                                                                        1\n\x0citself in the nature of the work        recoveries. A significant portion      There is no doubt that the future\nwe conduct, the cross-functional        of our investigative workload          will continue to pose formidable\nteams we assign to projects, and        relates to mortgage fraud, and we      challenges to the FDIC, and there\nthe approaches we take in plan-         are pleased to partner with the        is no single or simple solution to\nning and conducting work and            Department of Justice, the Federal     fix current market turmoil. On\nreporting results. Most impor-          Bureau of Investigation, and other     this, the 30th anniversary of the\ntantly, we are taking all possible      law enforcement colleagues in          creation of IGs, we recommit to\nsteps to ensure that our staff          successfully combating such            carrying out the IG mission and\nis positioned to add maximum            fraud throughout the country.          working with the Congress, the\nvalue through audits, evaluations,                                             FDIC, and other stakeholders as we\n                                        Like the FDIC, the Inspector\nand investigations; offer unique                                               tackle the complex issues of these\n                                        General (IG) community also\nand independent perspectives                                                   uncertain and changing times.\n                                        marked an anniversary recently, for\non efficiency and effectiveness;        30 years ago, on October 12, 1978,\nand play a key part in ensuring         the IG Act was signed. In keeping\nthe longstanding tradition of           with an environment of continual\nintegrity and transparency in the       change, on October 14, 2008,\nregulatory activities of the FDIC.      the IG Reform Act of 2008 was          Jon T. Rymer\nThis semiannual report looks back       signed by the President. Among\non the 15 audits and evaluations        other provisions, this legislation     Inspector General\nthat we completed over the past         strengthens IG independence, and       October 31, 2008\n6-month period and the projects         combines the President\xe2\x80\x99s Council\nthat other units in the office under-   on Integrity and Efficiency and the\ntook in support of that work. It        Executive Council on Integrity and\nalso references some of our more        Efficiency in a new, unified Council\nrecently initiated work, such as        that will focus on cross-cutting\nthe five material loss reviews that     issues and training for more than\nwe have initiated as of the end         12,000 OIG staff in the federal\nof October. Our investigations          government. We look forward to\nthis period led to 45 indictments/      working with our colleagues in the\ninformations; 61 convictions;           community as the new Council\nand nearly $353 million in fines,       charts its course in the days ahead.\nrestitution, and other monetary\n\n\n\n\n2\n\x0cTable of Contents\n\n\n\n\nInspector General\xe2\x80\x99s Statement.........................................................................1\nAbbreviations and Acronyms............................................................................4\nHighlights and Outcomes..................................................................................5\nStrategic Goal Areas\nSupervision: Assist the FDIC to Ensure the Nation\xe2\x80\x99s\nBanks Operate Safely and Soundly.................................................................9\nInsurance: Help the FDIC Maintain the Viability of the\nInsurance Fund.................................................................................................... 21\nConsumer Protection: Assist the FDIC to Protect\nConsumer Rights and Ensure Customer Data\nSecurity and Privacy........................................................................................... 23\nReceivership Management: Help Ensure that the FDIC\nis Ready to Resolve Failed Banks and Effectively\nManages Receiverships.................................................................................... 27\nResources Management: Promote Sound Governance\nand Effective Stewardship and Security of Human,\nFinancial, Information Technology, and Physical Resources.............. 32\nOIG Internal Processes: Build and Sustain a\nHigh-Quality OIG Staff, Effective Operations,\nOIG Independence, and Mutually Beneficial\nWorking Relationships...................................................................................... 40\nFiscal Year 2008 Performance Report.......................................................... 46\nReporting Requirements................................................................................. 53\nInformation Required by the Inspector General Act of 1978,\nas amended........................................................................................................... 54\nCongratulations and Farewell........................................................................ 59\n\n\n\n\n                                                                                                                      3\n\x0c    Abbreviations and Acronyms\n    BIS\t      Business Information Systems\n    BOA\t      Basic Ordering Agreement\n    BSA\t      Bank Secrecy Act\n    CDC\t      Finding Dreams In Children Child Development Centers, Inc.\n    DIF\t      Deposit Insurance Fund\n    DIT\t      Division of Information Technology\n    DOA\t      Division of Administration\n    DOF\t      Division of Finance\n    DRR\t      Division of Resolutions and Receiverships\n    DSC\t      Division of Supervision and Consumer Protection\n    ECIE\t     Executive Council on Integrity and Efficiency\n    ECU\t      Electronic Crimes Unit\n    EIC\t      Examiner-in-Charge\n    FBI\t      Federal Bureau of Investigation\n    FCFS\t     Franklin County Financial Services\n    FDIC\t     Federal Deposit Insurance Corporation\n    FISMA\t    Federal Information Security Management Act of 2002\n    FY\t       fiscal year\n    GAO\t      U.S. Government Accountability Office\n    GPRA\t     Government Performance and Results Act of 1993\n    HELOC\t    home equity line of credit\n    IG\t       Inspector General\n    IRS\t      Internal Revenue Service\n    IT\t       Information Technology\n    KPMG\t     KPMG, LLP\n    OERM\t     Office of Enterprise Risk Management\n    OFAC\t     Office of Foreign Assets Control\n    OI\t       Office of Investigations\n    OIG\t      Office of Inspector General\n    OM\t       Oversight Manager\n    OMB\t      Office of Management and Budget\n    PCIE\t     President\xe2\x80\x99s Council on Integrity and Efficiency\n    ROE\t      Report of Examination\n    SCT\t      Secured Capital Trust\n    ViSION\t   Virtual Supervisory Information on the Net\n\n\n\n\n4\n\x0c                                       Highlights and\n                                       Outcomes\n\n\n\n\nT\nThe OIG\xe2\x80\x99s 2008 Business Plan           CAMELS ratings. Ongoing work          and outreach with the Division\ncontains five strategic goals that     in support of this goal included      of Supervision and Consumer\nare closely linked to the FDIC\xe2\x80\x99s       four material loss reviews of         Protection (DSC), the Division of\nmission, programs, and activities,     failed FDIC-regulated banks.          Resolutions and Receiverships,\nand one that focuses on the OIG\xe2\x80\x99s                                            and the Legal Division by way of\n                                       With respect to investigative work,\ninternal business and manage-                                                attending quarterly meetings,\n                                       as a result of cooperative efforts\nment processes. These highlights                                             regional training forums, and\n                                       with U.S. Attorneys throughout\nshow our progress in meeting                                                 regularly scheduled meetings\n                                       the country, numerous individuals\nthese goals during the reporting                                             with DSC and the Legal Division\n                                       were prosecuted for financial\nperiod. A more in-depth discus-                                              to review Suspicious Activity\n                                       institution fraud, and we achieved\nsion of OIG audits, evaluations,                                             Reports and identify cases of\n                                       successful results in combating\ninvestigations, and other activities                                         mutual interest. (See pages 9-20.)\n                                       a number of mortgage fraud\nin pursuit of these goals follows.\n                                       schemes. Our efforts in support       Strategic Goal 2\nStrategic Goal 1                       of the Department of Justice\xe2\x80\x99s        Insurance: Help the FDIC\nSupervision: Assist the                Operation Malicious Mortgage          Maintain the Viability\nFDIC to Ensure the                     also supported this goal. Particu-    of the Insurance Fund\nNation\xe2\x80\x99s Banks Operate                 larly noteworthy results from         Our material loss review work\nSafely and Soundly                     our casework include multiple         supports this goal, as does the\nOur work in helping to ensure that     guilty pleas for mortgage fraud       investigative work highlighted\nthe nation\xe2\x80\x99s banks operate safely      schemes carried out in Florida,       above. In both cases, our work can\nand soundly takes the form of          Louisiana, and New York. Another      serve to prevent future losses to\naudits, investigations, evaluations,   of our investigations led to the      the fund by way of recommenda-\nand extensive communication and        sentencing of a former music          tions that can help to prevent\ncoordination with FDIC divisions       industry executive to 25 years in     future failures, and the deterrent\nand offices, law enforcement           prison to be followed by 3 years      aspect of investigations and the\nagencies, other financial regula-      of probation. He was also ordered     ordered restitution that may\ntory OIGs, and banking industry        to pay restitution of more than       help to mitigate an institution\xe2\x80\x99s\nofficials. During the reporting        $310 million to the individuals and   losses. At the end of the reporting\nperiod, we completed audits of         institutions that he defrauded.       period, ongoing work in this goal\nthe FDIC\xe2\x80\x99s examination assess-         In another case, a total of seven     area included an audit of the\nments of two key risks: interest       individuals pleaded guilty to         Corporation\xe2\x80\x99s off-site monitoring\nrate risk and liquidity risk. We       a massive home equity line of         activities for insurance risk and\nrecommended three improve-             credit fraud scheme that enriched     an audit of the FDIC\xe2\x80\x99s invest-\nments to examiners\xe2\x80\x99 consideration      them temporarily and impacted         ment management practices\nof interest rate risk. In another      at least 16 different lenders in      related to the Deposit Insurance\naudit, we made two recommen-           the Northern New Jersey area.         Fund, the results of which will be\ndations to enhance controls over       The Office of Investigations also     included in an upcoming semian-\nchanges to examiner-proposed           continued its close coordination      nual report. (See pages 21-22.)\n                                                                                                                  5\n\x0cStrategic Goal 3                      ECU responded to Internet-based         Strategic Goal 5\nConsumer Protec-                      schemes where the FDIC and OIG          Resources Manage-\ntion: Assist the FDIC                 Web sites were misused to entice        ment:\t Promote Sound\nto Protect Consumer                   consumers to divulge personal           Governance and Effec-\nRights and Ensure                     information. (See pages 23-26.)         tive Stewardship and\nCustomer Data Secu-                                                           Security of Human,\n                                      Strategic Goal 4\nrity and Privacy                                                              Financial, IT, and\n                                      Receivership Manage-\n                                                                              Physical Resources\nAudits, evaluations, and investi-     ment: Help Ensure\ngations contribute to the FDIC\xe2\x80\x99s      that the FDIC is Ready                  The OIG devoted substantial\nprotection of consumers in several    to Resolve Failed                       resources to this goal area during\nways. At the end of the reporting     Banks and Effectively                   the reporting period, resulting\nperiod we had several assignments     Manages Receiverships                   in a variety of issues addressed.\nongoing or planned in support                                                 We performed an audit of the\n                                      We completed two evaluation\nof this goal, including an audit                                              Corporation\xe2\x80\x99s controls over\n                                      assignments in this goal area. In\nof consumer credit underwriting                                               contractor payments for reloca-\n                                      one, we evaluated contingency\npractices in community banks                                                  tion services and another audit of\n                                      planning for large-scale resolution\nand an evaluation of enforcement                                              controls over background checks\n                                      activity and provided observa-\nactions for compliance violations.                                            of child care provider personnel.\n                                      tions to FDIC senior management\n                                                                              In the information technology\nFrom an investigative stand-          officials just prior to the actual\n                                                                              (IT) area, we audited the reli-\npoint, the OIG\xe2\x80\x99s Electronic Crimes    increased workload involving\n                                                                              ability of information accessed\nUnit (ECU) was also successful        multiple failures. A second assign-\n                                                                              through the Virtual Supervisory\nin working a case to deactivate       ment examined high-level controls\n                                                                              Information on the Net system.\n51 fraudulent email accounts to       at the IndyMac conservatorship,\n                                                                              One of our most comprehensive\ndate involving false claims of FDIC   and we made suggestions to\n                                                                              reviews was our audit of the FDIC\xe2\x80\x99s\ninsurance or affiliation. In one of   FDIC management in place at the\n                                                                              information security program,\nour cases, the former co-owner        institution. We also conducted\n                                                                              pursuant to the Federal Informa-\nof a securities firm pleaded guilty   audits related to internal control in\n                                                                              tion Security Management Act\nto a securities fraud in which he     the FDIC\xe2\x80\x99s receivership accounting\n                                                                              of 2002 (FISMA), wherein KPMG,\nmisrepresented FDIC insurance         process and protection of reso-\n                                                                              LLP identified eight steps that\nto investors. In that regard, the     lution and receivership data\n                                                                              the FDIC could take to enhance\nOIG was pleased to learn that the     managed or maintained by FDIC\n                                                                              information security controls. In\nEmergency Economic Stabilization      contractors and made recommen-\n                                                                              another audit conducted during\nAct of 2008 contains a long-          dations to strengthen controls,\n                                                                              the reporting period that fed into\nsupported provision that the OIG      with which management agreed.\n                                                                              our FISMA work, KPMG reported\nhelped to draft giving the FDIC\n                                      We continued to pursue conceal-         on the FDIC\xe2\x80\x99s controls over the\nincreased enforcement authority\n                                      ment of assets investigations           confidentiality of sensitive email\nfor such misrepresentation of\n                                      related to criminal restitution that    communications. Additionally,\nFDIC affiliation or insurance. The\n                                      the FDIC is owed. (See pages 27-31.)    we audited controls over contract\n6\n\x0cinvoice approval, payment, and        Strategic Goal 6                         revised Office of Audits Policy and\nposting to the general ledger.        OIG Internal Processes:\t                 Procedures Manual to address\n                                      Build and Sustain a                      changes in the performance audit\nOne of our evaluations resulted\n                                      High-Quality OIG Staff,                  standards and process changes\nin suggestions to enhance the\n                                      Effective Operations,                    resulting from an internal assign-\nenergy efficiency of the FDIC\xe2\x80\x99s\n                                      OIG Independence, and                    ment management review and\nVirginia Square facility, including\n                                      Mutually Beneficial                      external peer review results. We\nthe Student Residence and IT\n                                      Working Relationships                    continued use of our contract\nData Centers. Another evalu-\n                                      We continued to focus on a               with a qualified firm to provide\nation this period followed up\n                                      number of internal activities in         audit and evaluation services to\non work we conducted for the\n                                      this goal area during the past 6         the OIG to enhance the quality of\nChairman regarding IT procure-\n                                      months.                                  our work and the breadth of our\nment integrity and governance.\n                                                                               expertise. We took steps to better\nAgain, at her request, we explored    To ensure effective and efficient        track and contain costs associated\noptions for adding an indepen-        management of OIG resources,             with audits and evaluations. We\ndent review of IT project data        among other activities, we moni-         continued use of the OIG\xe2\x80\x99s end-\nat key decision points in the         tored the fiscal year (FY) 2008          of-assignment feedback forms\nselection and control phases of       budget, considered changes in            to provide staff with input on\nthe IT governance process.            the financial services industry          performance of individual audits\nOngoing or planned work in this       and economy that would likely            and evaluations and implemented\narea as of the end of the reporting   impact OIG workload and finan-           a new Inspector General (IG)\nperiod includes evaluations of        cial and human resource needs,           feedback form for audits and\nthe FDIC\xe2\x80\x99s Corporate Employee         and prepared our FY 2009 and             evaluations that focuses on overall\nProgram and security guard            2010 budgets accordingly. We             assignment quality elements,\nservices and audits of the FDIC-      continued realignment of the OIG         including time, cost, and value.\nconnect system and the Corpora-       investigative resources with FDIC\n                                      regions, by reassigning Office of        We encouraged individual growth\ntion\xe2\x80\x99s contract with Aramark.\n                                      Investigations staff, and adver-         through professional development\nWe also promoted integrity in                                                  by using revised career develop-\n                                      tising and filling vacancies. Further,\nFDIC internal operations through                                               ment plans that are better aligned\n                                      we continued a project to upgrade\nongoing OIG Hotline referrals                                                  with OIG goals and integrating\n                                      the OIG\xe2\x80\x99s audit and evaluation\nand coordination with FDIC                                                     training plans for OIG staff in\n                                      tracking system and assess how\nmanagement. (See pages 32-39.)                                                 the career development plans,\n                                      we are using TeamMate as we\n                                      conduct audits and evaluations to        continuing the OIG mentoring\n                                      better leverage that technology          program, advertising multiple\n                                      and ensure efficiency in our work.       expressions of interest for forensic\n                                                                               accountants to assist investigators\n                                      In the interest of ensuring quality      in conducting financial institution\n                                      and efficiency in our work and           fraud cases, offering opportunities\n                                      operations, we implemented the\n                                                                                                                  7\n\x0cfor OIG staff to attend graduate       holding meetings to assess prog-           economy and financial services\nschools of banking, sponsoring         ress, and planned for FY 2009 by           sector. We also participated\ntwo summer interns, and hosting a      analyzing significant activities and       regularly at corporate meetings\nsenior executive service candidate     risks within the Corporation and           of the National Risk Committee\nfrom another federal agency.           the financial services industry. We        and kept current with presenta-\n                                       tailored our planning to emerging          tions by the Corporation\xe2\x80\x99s Risk\nOur office continued to foster\n                                       issues and events resulting from           Analysis Center to monitor the risk\npositive stakeholder relationships\n                                       unprecedented turmoil in the               environment. (See pages 40-45.)\nby way of IG and other OIG execu-\ntive meetings with senior FDIC\nexecutives; presentations at Audit\n                                        Significant Outcomes\nCommittee meetings; congres-            (April 2008 - September 2008)\nsional interaction; and coordina-       Audit and Evaluation Products Issued                                                15\ntion with financial regulatory OIGs,\n                                        Nonmonetary Recommendations                                                         24\nother members of the IG commu-\nnity, other law enforcement             Investigations Opened                                                               42\nofficials, and the U.S. Government      Investigations Closed                                                               14\nAccountability Office. Members of\n                                        OIG Subpoenas Issued                                                                 4\nthe OIG Employee Advisory Group\nmet with the IG, the OIG partici-       Judicial Actions:\npated in corporate diversity events,    \t   Indictments/Informations                                                        45\nand we maintained and updated           \t   Convictions                                                                     61\nthe OIG Web site to provide easily\naccessible information to stake-        \t   Arrests                                                                         31\nholders interested in our office and    OIG Investigations Resulted in:\nthe results of our work. Of note,       \t   Fines of                                                                    $20,000\nthe IG was named Chair of the\n                                        \t   Restitution of                                                        $344,435,588\nAudit Committee of the President\xe2\x80\x99s\nCouncil on Integrity and Efficiency,    \t   Asset Forfeiture of                                                     $8,500,000\nand as such, serves as a leader in      \t   Other Monetary Recoveries of                                                     0\nthe federal audit community. We\n                                        \t   Total                                                                $352,955,588\nalso loaned resources to assist\nthe Department of the Treasury          Cases Referred to the Department of Justice (U.S. Attorney)                         37\nOIG in conducting its material          Cases Referred to FDIC Management                                                    1\nloss review of IndyMac Bank.\n                                        OIG Cases Conducted Jointly with Other Agencies                                    135\nIn the area of enhancing OIG risk       Hotline Allegations Referred                                                        64\nmanagement activities, we carried\nout and monitored the OIG\xe2\x80\x99s FY          Proposed Regulations and Legislation Reviewed                                        7\n2008 business plan, including           Proposed FDIC Policies Reviewed                                                     10\n\n8                                       Responses to Requests and Appeals under the Freedom of Information Act               1\n\x0c                                         Strategic Goal 1:\n                                         The OIG Will Assist\n                                         the FDIC to Ensure\n                                                                                           1\n                                         the Nation\xe2\x80\x99s Banks\n                                         Operate Safely\n                                         and Soundly\n\n\n\n\nT\nThe Corporation\xe2\x80\x99s supervision            supervision for banks. According       engaging in transactions with the\nprogram promotes the safety and          to examination policy, the objec-      governments of, or individuals or\nsoundness of FDIC-supervised             tive of a risk-focused examina-        entities associated with, foreign\ninsured depository institutions. As      tion is to effectively evaluate the    countries against which federal\nof September 30, 2008, the FDIC          safety and soundness of the bank,      law imposes economic sanctions.\nwas the primary federal regulator        including the assessment of risk       In the event of an insured deposi-\nfor 5,134 FDIC-insured, state-char-      management systems, financial          tory institution failure, the Federal\ntered institutions that were not         condition, and compliance with         Deposit Insurance Act requires\nmembers of the Federal Reserve           applicable laws and regula-            the cognizant OIG to perform a\nSystem (generally referred to as         tions, while focusing resources        review when the Deposit Insur-\n\xe2\x80\x9cstate non-member\xe2\x80\x9d institutions).        on the bank\xe2\x80\x99s highest risks.           ance Fund incurs a material loss. A\nThe Department of the Treasury           Part of the FDIC\xe2\x80\x99s overall respon-     loss is considered material to the\n(the Office of the Comptroller of        sibility and authority to examine      insurance fund if it exceeds $25\nthe Currency and the Office of           banks for safety and soundness         million or 2 percent of the failed\nThrift Supervision) or the Federal       relates to compliance with the         institution\xe2\x80\x99s total assets. During\nReserve Board supervise other            Bank Secrecy Act (BSA), which          the past reporting period, 11\nbanks and thrifts, depending on          requires financial institutions to     FDIC-insured institutions failed.\nthe institution\xe2\x80\x99s charter. The Corpo-    keep records and file reports on       Four of these triggered the FDIC\nration also has back-up exami-           certain financial transactions.        OIG\xe2\x80\x99s commencing a material loss\nnation authority to protect the          FDIC-supervised institutions must      review during the period. The\ninterests of the Deposit Insurance       establish and maintain procedures      FDIC OIG performs the review if\nFund for 3,250 national banks,           to comply with BSA requirements.       the FDIC is the primary regulator\nstate-chartered banks that are           An institution\xe2\x80\x99s level of risk for     of the institution. The Depart-\nmembers of the Federal Reserve           potential terrorist financing and      ment of the Treasury OIG and the\nSystem, and savings associations.        money laundering determines            OIG at the Board of Governors\nThe examination of the institu-          the necessary scope of the BSA         of the Federal Reserve System\ntions that it regulates is a core FDIC   examination. In a related vein, the    perform reviews when their\nfunction. As of June 30, 2008, the       U.S. Department of the Treasury\xe2\x80\x99s      agencies are the primary regula-\nCorporation had conducted 1,202          Office of Foreign Assets Control       tors. These reviews identify what\nsafety and soundness examina-            (OFAC) promulgates, develops,          caused the material loss, evaluate\ntions. Through this process, the         and administers economic and           the supervision of the federal\nFDIC assesses the adequacy of            trade sanctions such as trade          regulatory agency (including\nmanagement and internal control          embargoes, blocked assets              compliance with the Prompt\nsystems to identify, measure, and        controls, and other commercial         Corrective Action requirements\ncontrol risks; and bank examiners        and financial restrictions under       of the Federal Deposit Insurance\njudge the safety and soundness of        the provisions of various laws.        Act), and propose recommenda-\na bank\xe2\x80\x99s operations. The examina-        Generally, OFAC regulations            tions to prevent future failures.\ntion program employs risk-focused        prohibit financial institutions from\n\n                                                                                                                    9\n\x0c           President Roosevelt signed the Banking Act of 1933, a part of which established\n           the FDIC.\n\n\n\n\nAlso of significance with respect             to detect, it can significantly                with U.S. Attorneys\xe2\x80\x99 Offices to\nto safety and soundness, the                  raise the cost of a bank failure,              bring these cases to justice.\nFDIC and other federal banking                and examiners must be alert                    The OIG\xe2\x80\x99s investigations of finan-\nagencies agreed to finalize rules             to the possibility of fraudulent               cial institution fraud currently\nimplementing Basel II advanced                activity in financial institutions.            constitute about 88 percent of\ncapital requirements for large,               The OIG\xe2\x80\x99s Office of Investigations             the OIG\xe2\x80\x99s investigation caseload.\ncomplex banks. The agreement                  works closely with FDIC manage-                The OIG is also committed to\ncontains important safeguards                 ment in DSC and the Legal Divi-                continuing its involvement in inter-\nagainst unrestrained reductions               sion to identify and investigate               agency forums addressing fraud.\nin risk-based capital requirements            financial institution crime, espe-             Such groups include national and\nfor these large institutions. It also         cially various types of fraud. OIG             regional bank fraud, check fraud,\nprovides for the development in               investigative efforts are concen-              mortgage fraud, cyber fraud,\nthe U.S. of the Basel II standardized         trated on those cases of most                  identity theft, and anti-phishing\napproach as an option for other               significance or potential impact               working groups. Additionally, the\nbanks. The FDIC will continue its             to the FDIC and its programs. The              OIG engages in industry outreach\nwork in this realm to ensure strong           goal, in part, is to bring a halt to           efforts to keep financial institu-\nregulatory capital standards.                 the fraudulent conduct under                   tions informed on fraud-related\nThe OIG\xe2\x80\x99s audits and evaluations              investigation, protect the FDIC and            issues and to educate bankers on\nare designed to address various               other victims from further harm,               the role of the OIG in combating\naspects of the Corporation\xe2\x80\x99s                  and assist the FDIC in recovery of             financial institution fraud.\nsupervision and examination                   its losses. Pursuing appropriate               To assist the FDIC to ensure the\nactivities, as illustrated in the             criminal penalties not only serves             nation\xe2\x80\x99s banks operate safely and\nwrite-ups that follow. The OIG\xe2\x80\x99s              to punish the offender but can also            soundly, the OIG\xe2\x80\x99s 2008 perfor-\ninvestigators also play a critical            deter others from participating                mance goals were as follows:\nrole in helping to ensure the                 in similar crimes. Our criminal\nnation\xe2\x80\x99s banks operate safely and             investigations can also be of                    \xe2\x80\xa2\tHelp ensure the effectiveness\nsoundly. The Corporation needs                benefit to the FDIC in pursuing                  \t and efficiency of the FDIC\xe2\x80\x99s\nto guard against a number of                  enforcement actions to prohibit                  \t supervision program, and\nfinancial crimes and other threats,           offenders from continued partici-                \xe2\x80\xa2\tInvestigate and assist in pros-\nincluding money-laundering,                   pation in the banking system.                    \t ecuting BSA violations, money\nterrorist financing, data security            When investigating instances                     \t laundering, terrorist financing,\nbreaches, and financial institu-              of financial institution fraud,                  \t fraud, and other financial\ntion fraud. Bank management is                the OIG also defends the vitality                \t crimes in FDIC-insured institu-\nthe first line of defense against             of the FDIC\xe2\x80\x99s examination                        \t tions.\nfraud, and the banks\xe2\x80\x99 indepen-                program by investigating asso-\ndent auditors are the second                  ciated allegations or instances\nline of defense. Because fraud                of criminal obstruction of bank\nis both purposeful and hard                   examinations and by working\n10\n\x0cOIG Work in Support of Goal 1           DSC conducts periodic risk            and reporting to the institu-\nThe OIG\xe2\x80\x99s Office of Audits              management examinations to            tion\xe2\x80\x99s board of directors could be\nissued three reports during the         ascertain, among other things, an     improved. That is, examinations\nreporting period in support of          institution\xe2\x80\x99s Sensitivity to Market   often did not provide conclu-\nour strategic goal of helping to        Risk, including interest rate risk.   sions on the adequacy of the\n                                                                              independent review functions,\nensure the safety and sound-            During the reporting period, we\n                                                                              or assess the adequacy of the\nness of the nation\xe2\x80\x99s banks. These       conducted an audit to (1) deter-\n                                                                              institution\xe2\x80\x99s reporting on the\naudits addressed important              mine whether the FDIC\xe2\x80\x99s exami-\n                                                                              independent reviews to its board.\naspects of the FDIC\xe2\x80\x99s examination       nations comply with applicable\napproaches to specific risks in         policies and procedures for           Additionally, training records\nFDIC-supervised institutions\xe2\x80\x94           assessing and addressing an insti-    we reviewed for 42 interest rate\ninterest rate and liquidity risks,      tution\xe2\x80\x99s internal control, review,    risk and capital markets Subject\nand controls over the examina-          and audit coverage of the interest    Matter Experts and Regional\ntion rating review process, as          rate risk management process; and     Specialists showed that some\ndescribed below. Ongoing or             (2) evaluate the corrective actions   had obtained little or no training\nplanned audit work in support of        pursued when significant weak-        in recent years in their areas\nthe goal area as of the end of the      nesses are reported by examiners.     of expertise. Targeted training\nreporting period included mate-         The audit focused on FDIC-super-      could enhance the contribution\nrial loss reviews to determine          vised institutions with indicators    of these experts and specialists\nthe causes for the failures of four     of elevated interest rate risk.       to the examination process.\nFDIC-supervised financial institu-\n                                        We found that for the 38 sampled      We recommended that DSC\ntions and an audit of the FDIC\xe2\x80\x99s\n                                        risk management examinations we       emphasize to examiners the need\nbrokered deposit waiver process.\n                                        reviewed, FDIC examiners gener-       to fully assess and conclude on\nThe OIG also loaned staff to the\n                                        ally complied with applicable poli-   the adequacy of an institution\xe2\x80\x99s\nTreasury OIG to assist that office in\n                                        cies and procedures for assessing     independent review and on the\nconducting a material loss review\n                                        and addressing an institution\xe2\x80\x99s       adequacy of reporting on the\nof the failure of IndyMac Bank.\n                                        internal control, review, and audit   independent review to the bank\xe2\x80\x99s\nDSC\xe2\x80\x99s Examination Assessment            coverage of the interest rate risk    board, as warranted by risk; advise\nof Interest Rate Risk                   management process. Regarding         examiners of the importance of\n                                        the pursuit of corrective actions,    collectively considering all relevant\nChanges in interest rates can           we found that informal and            examination guidance; and\nadversely affect a financial institu-   formal corrective actions gener-      establish policies and guidelines\ntion\xe2\x80\x99s earnings and market capital.     ally addressed significant weak-      for the training of interest rate risk\nInterest rate risk, the exposure        nesses reported by examiners          and capital markets Subject Matter\nof an institution\xe2\x80\x99s earnings and        in the area of interest rate risk.    Experts and Regional Special-\ncapital to adverse interest rate                                              ists. Management concurred\nchanges, is fundamental to the          We also identified situations where\n                                                                              with our recommendations and\nbusiness of banking. The FDIC\xe2\x80\x99s         the examiner\xe2\x80\x99s assessment of an\n                                                                              is taking responsive action.\n                                        institution\xe2\x80\x99s independent review\n                                                                                                                   11\n\x0cFDIC\xe2\x80\x99s Examination of Liquidity        nation guidance for assessing          (ROE). The six components of the\nRisk                                   an institution\xe2\x80\x99s liquidity and         CAMELS rating system address\n                                       associated risk management             the adequacy of Capital, the\nLiquidity represents the ability\n                                       and reported on those assess-          quality of Assets, the capability\nof a financial institution to fund\n                                       ments in their work products and       of Management, the quality and\nassets and meet obligations\n                                       examination results. The FDIC has      level of Earnings, the adequacy\nas they become due. Insured\n                                       recognized that liquidity guid-        of Liquidity, and the Sensitivity to\ndeposits are a common source\n                                       ance and training need to be           market risk. A rating of 1 through\nof liquidity for FDIC-supervised\n                                       updated. In this regard, our report    5 is given, with 1 having the\nfinancial institutions. Further,\n                                       identified practices for the FDIC\xe2\x80\x99s    least regulatory concern and 5\nliquidity is critical to the ongoing\n                                       consideration in the update efforts    having the greatest concern.\nviability of an institution, and the\n                                       that could assist FDIC-supervised\nFDIC considers liquidity manage-                                              CAMELS ratings serve a number\n                                       financial institutions in identi-\nment to be among an institu-                                                  of purposes within the FDIC,\n                                       fying, measuring, monitoring,\ntion\xe2\x80\x99s most important activities.                                             including as input to the process\n                                       and controlling liquidity risk.        of determining deposit insurance\nLiquidity risk is the risk of not\n                                       We did not make recommenda-            premiums charged to financial\nbeing able to obtain funds at a\n                                       tions in the report. DSC provided      institutions. Poorly rated institu-\nreasonable price within a reason-\n                                       a written response, stating that       tions are subject to increased\nable time to meet financial\n                                       the FDIC is committed to assuring      supervisory attention and poten-\ninstitution obligations as they\n                                       that liquidity risk is appropriately   tially higher deposit insurance\nbecome due. Sound liquidity risk\n                                       assessed and mitigated through         premiums and may be precluded\nmanagement controls include\n                                       its examination and enforcement        from certain activity otherwise\nan institution\xe2\x80\x99s board of directors\xe2\x80\x99\n                                       action procedures. The FDIC also       permitted by law or regulation. It\noversight, policies and procedures,\n                                       reiterated that the Corporation is     is important, therefore, that the\nmanagement reporting, internal\n                                       involved in various initiatives to     FDIC provide assurance to finan-\ncontrols, contingency liquidity\n                                       update liquidity-related guid-         cial institutions that the CAMELS\nplans (CLP), and the identifica-\n                                       ance for financial institutions and    rating process is consistently\ntion of funding sources. CLPs\n                                       examiners.                             implemented and that institu-\ninclude strategies for handling\n                                                                              tions are treated equitably.\nevents that can impact day-to-day      FDIC\xe2\x80\x99s Controls Over the\noperations and liquidity crises.       CAMELS Rating Review Process\n                                                                              Our audit focused on DSC\xe2\x80\x99s field\n                                                                              and regional office processes\nWe conducted an audit to assess        We conducted an audit to assess        for reviewing proposed CAMELS\nhow the FDIC addresses institu-        the internal controls the FDIC         ratings from the point at which the\ntion liquidity risk and concluded      has established over the CAMELS        FDIC Examiner-in-Charge (EIC) has\nthat the FDIC actively addresses       rating system for reviewing            notified the financial institution\nsuch risk through regulatory and       and changing proposed ratings          of the proposed ratings and has\nsupervisory activities. Further,       included in draft risk manage-         electronically submitted the draft\nwe found that FDIC examiners           ment Reports of Examination            ROE for supervisory review. We\ncomplied with applicable exami-\n12\n\x0cAn FDIC representative meets with a depositor in 1934 to explain the\ninsured status of her account at a closed bank.\n\n\n\n\nfocused on these control processes              are not able to track or monitor     ensure process integrity and\nbecause once the institution                    changes to ratings resulting         transparency. Nevertheless, we\nreceives its proposed CAMELS                    from the ROE review process.         continue to believe that there\nratings, subsequent changes                     Based on the results of our\n                                                                                     is value in maintaining a record\nshould be justified and approved                work, we concluded that DSC\n                                                                                     when there are changes to an\nto help ensure the changes                      controls over changes to EIC-\n                                                                                     EIC-proposed rating even when\nare adequately supported.                       proposed CAMELS ratings could\n                                                                                     the EIC does not ultimately contest\n                                                                                     that change, and we suggest that\nThe FDIC has established and                    be enhanced. Enhanced controls\n                                                                                     DSC also consider requiring such a\nimplemented internal controls for               for tracking and monitoring the\n                                                                                     record during the course of formal-\nreviewing draft risk management                 justification and approval for\n                                                                                     izing its guidance in this area.\nROEs, including the supervisory                 CAMELS rating changes will better\nreview of proposed CAMELS                       assure that senior management        Successful OIG Investigations\nratings. Also, DSC has established              is informed of ratings changes       Uncover Financial Institution\na process for resolving disagree-               and help ensure the transpar-        Fraud\nments between the EIC and Case                  ency and integrity of the ratings\nManager (CM) with respect to                    process. We therefore recom-         As mentioned previously, the\nchanges to proposed CAMELS                      mended that DSC revise the Case      OIG\xe2\x80\x99s Office of Investigations\xe2\x80\x99\nratings. The resolution process                 Manager Procedures Manual to         work focuses largely on fraud\nincludes maintaining an open                    require that changes made to         that occurs at or impacts finan-\ndialogue between the EIC and                    EIC-proposed CAMELS ratings          cial institutions. The perpetra-\nCM and requiring the CM to                      in the draft ROE be centrally        tors of such crimes can be those\nbring unresolved differences to                 managed by DSC, including            very individuals entrusted with\nthe attention of the Regional                   tracking, monitoring, and main-      governance responsibilities at\nDirector, or designee, for resolu-              taining the documented justifica-    the institutions\xe2\x80\x94directors and\ntion prior to completion of the                 tion and approval for changes.       bank officers. In other cases,\ndraft ROE review. However, review                                                    individuals providing profes-\n                                                DSC generally agreed with our        sional services to the banks,\nprocedures do not require that                  findings and offered alterna-\nchanges to proposed CAMELS                                                           others working inside the bank,\n                                                tive corrective actions, including   and customers themselves are\nratings, agreed to by the EIC,                  formalizing the guidance to staff\nbe documented or justified.                                                          principals in fraudulent schemes.\n                                                on the required method for docu-\nFurther, we found that none of                  menting unresolved differences       The cases discussed below are\nthe six DSC regions centrally                   related to final CAMELS ratings      illustrative of some of the OIG\xe2\x80\x99s\nmaintains a record of all of                    and developing a method to           most important investigative\nthe CAMELS ratings changes                      track those instances. Depending     success during the reporting\nor documentation justifying                     on the content of the DSC guid-      period. These cases reflect the\nand approving changes to EIC-                   ance, we agree that DSC actions      cooperative efforts of OIG investi-\nproposed ratings. Consequently,                 can substantially meet the intent    gators, FDIC divisions and offices,\nthe regions and DSC headquarters                of our recommendation to help        U.S. Attorneys\xe2\x80\x99 Offices, and others\n\n                                                                                                                       13\n\x0cin the law enforcement commu-          Real Estate Appraiser Sentenced        Source: Suspicious Activity Report and\nnity throughout the country.           for Defrauding Financial Institu-      a request by the U.S. Attorney\xe2\x80\x99s Office.\n                                                                              Responsible Agencies: FDIC OIG, U.S.\n                                       tions\nA growing number of our cases                                                 Postal Inspection Service, and the\n                                                                              FBI. Prosecuted by the U.S. Attorney\xe2\x80\x99s\naddress the increased incidence of     On August 29, 2008, an Illinois real\n                                                                              Office, Central District of Illinois.\nmortgage fraud. Other significant      estate appraiser was sentenced\ncases during the reporting period      in the U.S. District Court for the     Guilty Plea in Florida Mortgage\ninvolve securities fraud, embezzle-    Central District of Illinois to 60     Fraud Case\nment, money laundering, and            months in prison, to be followed\nbank fraud. The OIG\xe2\x80\x99s success in all   by 60 months of supervised             On September 18, 2008, the\nsuch investigations contributes to     release. A special assessment of       former president of American\nensuring the continued safety and      $400 was ordered. Restitution in       Mortgage Link (AML) and Solu-\nsoundness of the nation\xe2\x80\x99s banks.       the amount of $1,051,852 was           tions Processing, Inc. (Solutions),\n                                       ordered to Central Illinois Bank,      both located in Tampa, FL. entered\nSuccessful Mortgage Fraud              Chase Bank, CitiMortgage, and          a guilty plea in the United States\nCases                                  two other individuals. Restitu-        District Court for the Middle\n                                       tion is joint and several with         District of Florida, Tampa, FL, to\nOur office has successfully investi-\n                                       two other co-defendants.               a criminal Information charging\ngated a number of mortgage fraud\n                                                                              him with conspiracy to commit\ncases over the past 6 months,          As described in previous semian-       wire fraud and to deprive Coast\nseveral of which are described         nual reports, from 1999 through        Bank of Florida of the intan-\nbelow. Our involvement in such         2005, the real estate appraiser,       gible right of honest services.\ncases is supplemented by our           along with two other businessmen\nparticipation in a growing number      and a mortgage broker engaged          According to the Information,\nof mortgage fraud task forces.         in a real estate \xe2\x80\x9cland flipping\xe2\x80\x9d       the former president of these\nAccording to the Federal Bureau        scheme to defraud real estate          companies was in engaged in the\nof Investigation (FBI), mortgage       lenders, buyers, and sellers. One      business of originating mort-\nfraud is one of the fastest growing    of the victim lenders, Central         gage loans. Solutions was a shell\nwhite-collar crimes. Such illegal      Illinois Bank, Champaign, Illinois,    company. The former president\nactivity can cause financial ruin to   is an FDIC-regulated institu-          used his position at AML to charge\nhomeowners and local communi-          tion. The scheme involved more         AML clients who wanted residen-\nties. It can further impact local      than 150 fraudulent real estate        tial home loans from Coast Bank\nhousing markets and the economy        sales and financial transactions       a mortgage brokerage fee that\nat large. Mortgage fraud can take      totaling more than $8 million          was one percent higher than AML\na variety of forms and involve         and resulted in the fraudulent         would otherwise have charged. He\nmultiple individuals, as shown         receipt of more than $3 million        used bank accounts in the name of\nin the write-ups that follow.          which the individuals converted        Solutions to receive the additional\n                                       to their personal use or used to       one percent brokerage fee and\n                                       promote their ongoing scheme.          to facilitate the transfer of three-\n                                                                              quarters of the additional one\n\n14\n\x0cpercent charge to a co-conspirator.               co-conspirators and the developer.         made by either a group of inves-\nThe former president kept the                     First Guaranty funded 179 loans            tors or the payments would be\nremaining one-quarter of the                      totaling $33,296,834 behind this           covered by rental income gener-\nexcess brokerage fee for himself.                 fraud scheme. First Guaranty has           ated by the property. In exchange\nSource: Referral from the Atlanta DSC and         experienced losses in excess of $4         for using their names and good\nDRR Offices into suspicious loan activity at      million as a result of the scheme.         credit, some of the straw buyers\nCoast Bank. Responsible Agencies: This is                                                    would receive a fee, typically in\n                                                  Source: DSC/Suspicious Activity Report.\na joint investigation with the FBI and the\n                                                  Responsible Agencies: FDIC OIG joint       the range of $5,000 to $10,000\nInternal Revenue Service (IRS), Criminal\n                                                  investigation with the FBI, Baton Rouge,   per property; others received no\nInvestigation Division. The case is being\n                                                  LA. The case is being prosecuted by the\nprosecuted by the U.S. Attorney\xe2\x80\x99s Office for                                                 fee but were told that the invest-\n                                                  U.S. Attorney\xe2\x80\x99s Office, Middle District\nthe Middle District of Florida, Tampa, Florida.                                              ment would enhance their credit\n                                                  of Louisiana, Baton Rouge, LA.\n                                                                                             scores. The straw buyers were\nFormer Mortgage Broker Pleads                     Guilty Pleas in New York                   also promised that after a short\nGuilty                                            Mortgage Fraud Case                        period of time, their names would\nOn June 5, 2008, in the Middle                                                               be removed from the property\n                                                  During the reporting period,\nDistrict of Louisiana, Baton Rouge,                                                          title. After the straw buyers had\n                                                  several individuals involved in\nLouisiana, a former mortgage                                                                 been identified, the individuals\n                                                  a mortgage fraud scheme in\nbroker who assisted in a real                                                                would identify properties to be\n                                                  Brooklyn, NY, entered guilty\nestate development investment                                                                used in the scheme, complete\n                                                  pleas to charges of conspiracy\nscheme in the Baton Rouge area                                                               fraudulent mortgage applica-\n                                                  to commit bank fraud.\npleaded guilty to one count                                                                  tions, submit the applications\nof misprision of a felony.                        According to the indictments,              to lenders, and arrange for the\n                                                  from 2005 until February 2008,             resulting loans to be closed.\nIn a conspiracy with others,                      the individuals involved in the\nthe former mortgage broker                                                                   Source: New York Mortgage Fraud\n                                                  scheme recruited straw buyers              Task Force. Responsible Agencies: This\ncreated and provided fraudulent                   with good credit scores to                 case is a joint investigation with the\npermanent loan commitments                        purchase residential properties            FBI. The case is being prosecuted by the\nin construction loan applica-                     within the boroughs of New York\n                                                                                             U.S. Attorney\xe2\x80\x99s Office, Eastern District\ntion packages to First Guaranty                                                              of New York, Brooklyn, NewYork.\n                                                  City. The defendants then pitched\nBank, Baton Rouge, Louisiana,                     \xe2\x80\x9cinvestment opportunities\xe2\x80\x9d to the\nan FDIC-regulated institution.                    straw buyers. Under the terms of\nThe loan packages included false                  these investment opportunities,\nloan commitments, fraudulent                      the straw buyers would apply for\nloan applications, and inflated                   a mortgage on a property but\nappraisals. The construction                      would not be required to make\nloans obtained provided the                       mortgage payments or even take\ninitial construction financing,                   possession of the houses. The\nand a portion of the proceeds                     defendants further promised that\nwas used to pay each of the                       the mortgage payments would be\n                                                                                                                                        15\n\x0cOther Investigative Case Results\n$310 Million Restitution Sentencing     FDIC OIG Supports Operation Malicious Mortgage\nfor Bank Fraud                          The FDIC OIG participated in the Department of Justice announce-\nOn May 21, 2008, a former loan          ment of Operation Malicious Mortgage on June 19, 2008. This initia-\ncustomer of ten different finan-        tive brings together federal law enforcement authorities throughout\ncial institutions was sentenced         the United States to create a consolidated strategy to combat the\nin the U.S. District Court for the      threat that mortgage fraud poses to the U.S. housing industry and\nMiddle District of Florida, Orlando     worldwide credit markets.\nDivision, to 25 years in prison, to     With respect to the FDIC OIG\xe2\x80\x99s activities in support of this initiative,\nbe followed by 3 years of proba-        we reported the following case statistics related to mortgage fraud\ntion. The Senior U.S. District          for the period March 1, 2008 - June 19, 2008:\nJudge also signed a $200 million\nmoney judgment and fined the              \xe2\x80\xa2\t25 arrests\nindividual a $400 special assess-         \xe2\x80\xa2\t20 indictments/informations\nment. Due to the large number\n                                          \xe2\x80\xa2\t13 convictions\nof individual investor victims,\na separate restitution hearing            \xe2\x80\xa2\t3 sentencings\nwas held at a later date.                 \xe2\x80\xa2\tAssociated dollar losses of $46.3 million\nBeginning in 1989, the loan             Since that time we have continued to successfully pursue such cases,\ncustomer and other co-conspira-         as shown in our results for the reporting period. We are committed\ntors devised a scheme to defraud        to continuing our involvement in this and other such initiatives as\ninvestors by offering stock             active participants in mortgage fraud task forces and working groups\ninvestments in Transcontinental         nationwide. We are pleased to partner with Department of Justice\nAirlines Travel Services. Shortly       in combating mortgage fraud and appreciate the support of our\nthereafter, investors were offered      colleagues throughout the Corporation as we work to ensure the\nthe opportunity to invest in an         integrity of the financial services and housing industries.\nEmployee Investment Savings\nAccount program under the guise\nof Transcontinental Airlines. The     financial statements prepared by         obtaining loans by submitting\nloan customer and his co-conspir-     a fictitious accounting firm called      false financial statements and tax\nators falsely claimed to investors    \xe2\x80\x9cCohen & Siegel\xe2\x80\x9d misrepresenting         returns prepared by the ficti-\nthat their investments in the         the financial status of Transcon-        tious accounting firm of \xe2\x80\x9cCohen\nEmployee Investment Savings           tinental Airlines and Transconti-        & Siegel\xe2\x80\x9d and another fictitious\nAccount program were insured          nental Airlines Travel Services.         accounting firm named \xe2\x80\x9cS. Kaplan\nby the FDIC up to $100,000 and                                                 & Co.\xe2\x80\x9d The co-conspirators pledged\n                                      Beginning in 2001, the co-conspir-\nfurther insured up to $1,000,000                                               worthless stock to a number of the\n                                      ators devised another scheme to\nby Lloyd\xe2\x80\x99s of London and AIG          defraud a number of FDIC-insured         loans as security and submitted\nInsurance. They provided false        institutions by applying for and         a number of documents signed\n16\n\x0cby an individual who had been           Source: We initiated this investigation            The former customers reportedly\ndead for several years. Similar         based on a referral from FDIC\xe2\x80\x99s Kansas City        needed funding to develop and\n                                        DSC. Responsible Agencies: This is a joint\nto the investment scheme, they          investigation with the FBI, IRS Criminal           market a number of inventions.\ndefrauded FDIC-insured insti-           Investigation Division, and the Florida Office     The couple admitted that this\ntutions by executing a \xe2\x80\x9cPonzi\xe2\x80\x9d          of Financial Regulation. The case is being         was done to evade bank lending\nscheme in which money borrowed          prosecuted by the U.S. Attorney\xe2\x80\x99s Office for the   limits and avoid federal lending\n                                        Middle District of Florida, Orlando Division.\nfrom the institutions would                                                                regulations. The funds were then\nbe paid to other FDIC-insured           Former Bank President,                             diverted for their personal use.\ninstitutions for earlier loans.         Customers, and Others                              They spent more than $2.5 million\nThe loan customer also engaged          Sentenced for Roles in Conspiracy                  on personal items out of about\nin a money laundering transaction       to Commit Bank Fraud                               $4.5 million loaned to them from\n                                                                                           March 2000 through July 2002.\nin November 2006 when he wired          On August 29, 2008, the former\n$500,000 from a bank account in         president of the now-defunct                       On June 30, 2008, the two former\nFlorida to a bank account located       First National Bank of Northern                    customers were each sentenced\nin the Netherlands, and engaged         Kentucky was sentenced in the                      in the United States District Court\nin a bankruptcy fraud transaction       United States District Court for                   for the Eastern District of Kentucky\nin March 2007 when he presented         the Eastern District of Kentucky                   to 24 months\xe2\x80\x99 incarceration to be\na fraudulent claim in the amount        to 9 months of incarceration to                    followed by 5 years of supervised\nof approximately $5.2 million.          be followed by 3 years of super-                   release. They were also ordered\n                                        vised release. He paid restitu-                    to pay $3,463,569 in restitution\nOn August 6, 2008, the Senior\nDistrict Judge ordered the              tion of $150,626 to the Bank of                    jointly and severally: $2,463,569\nformer loan customer to pay the         Kentucky prior to sentencing.                      to the Bank of Kentucky and\n                                                                                           $1,000,000 to the Cincinnati\nvictims in this case at total of        As described in previous semian-                   Insurance Company. Another\n$310,149,284 in restitution. This       nual reports, two former bank                      family member and her friend\namount includes $141,182,672 in         customers, a married couple,                       each received 5 years of super-\nlosses suffered by the individual       obtained more than $2.5 million                    vised release and were ordered\nvictims who invested money in           in loans by false means in collu-                  to pay restitution in the amount\nthe Employee Investment Savings         sion with the former president.\nAccount, another $42,219,858                                                               of $43,623 and $83,185, respec-\n                                        The former customers made false                    tively, to the Bank of Kentucky.\nto the individual victims who           statements on loan applications\npurchased stock in Transconti-          and conspired with the former                      Earlier in June, another family\nnental Airlines Travel Services, Inc.   president to arrange loans to                      member pleaded guilty to one\nor another entity affiliated with       be made in the names of their                      count of facilitation of theft by\nthe defendant, and $126,746,752         various family members, suppos-                    deception and was sentenced\nto the 10 institution victims that      edly for legitimate business                       to 12 months of incarceration\nloaned money or provided a              purposes. The family members                       conditionally discharged for 2\nline of credit to the defendant         also participated in the scheme.                   years. She also paid $28,000 of\nor another related entity.                                                                 restitution to the Bank of Kentucky.\n                                                                                                                             17\n\x0cSource: DRR Resolution Report for         in this fashion. In June 2007, FDIC           conspiracy to commit bank fraud.\nthe Chairman. Responsible Agencies:       agents assisted in the arrest of 38\nJoint Investigation by FDIC OIG and the                                                 The former owner defrauded 22\n                                          individuals and the execution of\nFBI. Prosecuted by the U.S. Attorney\xe2\x80\x99s                                                  banks in Mississippi and Louisiana\nOffice, Eastern District of Kentucky.     a search warrant at the office of             by double-pledging commercial\n                                          one of the roofing companies.                 real estate as collateral for loans.\nBank Customer Pleads Guilty to\n                                          By pleading guilty, the former                The fraud amounted to more\nConspiracy\n                                          president of MCS admitted that                than $14.7 million, and losses\nOn July 29, 2008 in the U.S. District     he participated in two sepa-                  to the banks totaled more than\nCourt for the Western District of         rate conspiracies to encourage                $5.4 million. To carry out the\nMissouri, the former president            illegal aliens to enter and reside            scheme, the former real estate\nof Mid-Continent Specialists              in the United States for the                  developer and co-conspirators\n(MCS), a Kansas corporation,              purpose of commercial advan-                  (1) falsely stated in loan applica-\npleaded guilty to conspiracy.             tage and private financial gain.              tions that one of the companies\nMCS subcontracted roofing                 The former president of MCS is                owned a property free of other\nwork to another individual doing          the sixth co-defendant to plead               liens, (2) executed fraudulent\nbusiness as LH Roofing, Inc. This         guilty to charges contained in                certificates of title to support\nsecond individual was involved in         the federal indictment. Five other            claims of unencumbered real\nstructuring and money laundering          co-defendants pleaded guilty                  estate, (3) fraudulently filed a\nthrough his accounts at Union             to participating in a money-                  cancellation of the bank\xe2\x80\x99s deeds\nBank, an FDIC-regulated institu-          laundering conspiracy. Two of the             of trust, and (4) forged title\ntion in the Kansas City metro-            co-defendants also pleaded guilty             insurance commitments. The\npolitan area. The former president        to illegally reentering the United            other subjects in the case were\nof MCS, also doing business as                                                          to be charged at a later date.\n                                          States after having been deported.\nNew Century Roofing, gave the             Source: U.S. Attorney\xe2\x80\x99s Office, Western\n                                                                                        Source: Suspicious Activity Reports/DSC.\nindividual at LH Roofing checks                                                         Responsible Agencies: Joint investigation by\n                                          District of Missouri. Responsible Agen-\n                                                                                        FDIC OIG, FBI, and IRS Criminal Investigation\ndrawn on New Century\xe2\x80\x99s account            cies: Joint Investigation by FDIC OIG, U.S.\n                                                                                        Division. Prosecuted by the U.S. Attorney\xe2\x80\x99s\nat Hillcrest Bank. That individual        Immigration and Customs Enforcement,\n                                                                                        Office, Southern District of Mississippi.\n                                          and IRS. Prosecuted by the U.S. Attorney\xe2\x80\x99s\nthen deposited the checks into            Office, Western District of Missouri.\none of his accounts at Union Bank                                                       Guilty Pleas in Home Equity Line\nand subsequently wrote checks             Former Real Estate Developer                  of Credit Fraud Case\nto a number of Hispanic surname           Pleads Guilty                                 Over the past 6-month period, a\nmales. The checks were all for                                                          total of seven individuals pleaded\n                                          On April 4, 2008 in the U.S. District\nless than $10,000 and were all                                                          guilty in the District of New Jersey\n                                          Court for the Southern District of\ncashed at Union Bank branches.                                                          to various charges in connection\n                                          Mississippi, Jackson, Mississippi,\nDuring the little more than one                                                         with a massive home equity line\n                                          the former owner of several real\nyear that the account was opened,                                                       of credit (HELOC) fraud scheme.\n                                          estate development companies\napproximately $1.4 million moved\n                                          in Mississippi pleaded guilty to an           In this scheme, approximately\nthrough the LH Roofing account\n                                          Information charging one count of             20 individuals conspired to\n18\n\x0cfraudulently obtain more than $20                   Four Sentenced for Bank Fraud          On April 28, 2008, one of the\nmillion in home equity loans and                    and Social Security Administra-        borrowers was sentenced to\nbusiness lines of credit. Victims                   tion Supplemental Security             11 months of incarceration, to\ninclude at least 16 different                       Income Fraud                           be followed by 5 years and 3\nlenders in northern New Jersey,                     On June 25, 2008, the former           months of supervised release,\nincluding Woori American Bank                       president of Franklin County           and ordered to pay restitution of\nand Royal Asian Bank. In a HELOC,                   Financial Services (FCFS), a subsid-   $45,290 to the Bank of Franklin.\na borrower pledges the equity in                    iary of the Bank of Franklin, was      She had pleaded guilty earlier to\nthe borrower\xe2\x80\x99s property as security                 sentenced in the U.S. Southern         one count of bank fraud and one\nfor the line of credit. The bank\xe2\x80\x99s                  District of Mississippi to 46 months   count of Social Security Supple-\nsecurity interest in the property                   of federal incarceration, to be        mental Security Income fraud. The\nis then publicly recorded so that                   followed by 5 years of supervised      second borrower was sentenced\nother lenders will be aware of prior                release. He was also ordered to        to 10 months\xe2\x80\x99 incarceration, to\nclaims on the property. The ring-                   pay restitution of $145,142 to         be followed by 5 years of super-\nleader of the scheme in this case,                  the Bank of Franklin. Previously,      vised release, and ordered to\nalong with his co-conspirators,                     he had pleaded guilty to one           pay restitution of $51,384 to the\nexecuted the scheme by closing                      count of bank fraud and one            Bank of Franklin. She had pleaded\non multiple HELOCs in a short                       count of Social Security Supple-       guilty earlier to one count of bank\nperiod of time so that the earlier                  mental Security Income fraud.\n                                                                                           fraud. The former secretary was\nlenders\xe2\x80\x99 security interests would                                                          sentenced to one day of incar-\nnot yet be publicly recorded. To                    From 1995 to 2003, the former          ceration and given credit for time\nillustrate\xe2\x80\x94in one instance the                      president of FCFS made loans to        served. She is to serve one month\nco-conspirators arranged for                        two former borrowers using false       of house arrest on weekends and\nclients to enter into HELOC agree-                  Social Security numbers and to         4 years of supervised release. She\nments with eleven different banks,                  a nominee borrower, a former           was ordered to pay restitution of\nin which less than $300,000 of                      secretary at FCFS. The borrowers       $7,493 to the Bank of Franklin.\nequity in a property was mort-                      failed to make consistent and          She, too, had pleaded guilty earlier\ngaged as security for approxi-                      timely repayments. The former          to one count of bank fraud.\nmately $1.35 million in credit.                     president did not attempt to           Source: Suspicious Activity Report. Respon-\nSource: We initiated this investigation based\n                                                    collect repayments from these          sible Agencies: Joint investigation by the\non a request for assistance from the U.S. Attor-    borrowers. Instead, he transferred     FDIC OIG and the Social Security Administra-\nney\xe2\x80\x99s Office, Newark, New Jersey. Responsible       balances of their old loans to new     tion OIG. Prosecuted by the U.S. Attorney\xe2\x80\x99s\nAgencies: This is a joint investigation with the                                           Office, Southern District of Mississippi.\n                                                    loans. This prevented the loans\nFBI. The case is being prosecuted by the U.S.\nAttorney\xe2\x80\x99s Office for the District of New Jersey.\n                                                    from defaulting and being written\n                                                    off. The bank estimated a loss of\n                                                    $606,957 due to these activities.\n\n\n\n\n                                                                                                                                     19\n\x0c     Strong Partnerships with Law Enforcement Colleagues\n     The OIG has partnered with many U.S. Attorneys\xe2\x80\x99 Offices throughout\n     the country in bringing to justice individuals who have defrauded\n     the FDIC or financial institutions within the jurisdiction of the\n     FDIC, or criminally impeded the FDIC\xe2\x80\x99s examination and resolution\n     processes. The alliances with the U.S. Attorneys\xe2\x80\x99 Offices have yielded\n     positive results during this reporting period. Our strong partnership\n     has evolved from years of hard work in pursuing offenders through\n     parallel criminal and civil remedies resulting in major successes, with\n     harsh sanctions for the offenders. Our collective efforts have served\n     as a deterrent to others contemplating criminal activity and helped\n     maintain the public\xe2\x80\x99s confidence in the nation\xe2\x80\x99s financial system.\n     During the reporting period, we partnered with U.S. Attorneys Offices\n     in the District of Columbia and following states: Alabama, Arizona,\n     California, Florida, Georgia, Illinois, Indiana, Iowa, Kansas, Kentucky,\n     Louisiana, Massachusetts, Michigan, Minnesota, Mississippi, Missouri,\n     Nebraska, New Jersey, New Mexico, New York, North Carolina,\n     Ohio, Oklahoma, Tennessee, Texas, Utah, Vermont, and Virginia.\n     We also worked closely with the Department of Justice, FBI, other\n     OIGs, state and local law enforcement officials, and FDIC divisions\n     and offices as we conducted our work during the reporting period.\n\n\n\n\n20\n\x0c                                         Strategic Goal 2:\n                                         The OIG Will Help\n                                         the FDIC Maintain\n                                                                                          2\n                                         the Viability of the\n                                         Insurance Fund\n\n\n\n\nF\nFederal deposit insurance remains        Industry-wide trends and risks        2008, which caused an $8.9 billion\na fundamental part of the FDIC\xe2\x80\x99s         are communicated to the finan-        loss to the DIF. Over recent years,\ncommitment to maintain stability         cial industry, its supervisors, and   the consolidation of the banking\nand public confidence in the             policymakers through a variety of     industry has resulted in fewer and\nNation\xe2\x80\x99s financial system. Of signifi-   regularly produced publications       fewer financial institutions control-\ncance, shortly after the close of        and ad hoc reports. Risk-manage-      ling an ever expanding percentage\nthe reporting period, with enact-        ment activities include approving     of the Nation\xe2\x80\x99s financial assets.\nment of the Emergency Economic           the entry of new institutions into    Although the FDIC may not be\nStabilization Act of 2008, the limit     the deposit insurance system,         the primary federal regulator for\nof the basic FDIC deposit insurance      off-site risk analysis, assessment    these large financial institutions,\ncoverage has been raised tempo-          of risk-based premiums, and           it is responsible for insuring their\nrarily from $100,000 to $250,000         special insurance examinations        deposits and for resolution in the\nper depositor, through December          and enforcement actions. In light     event one or more of these institu-\n31, 2009. A priority for the FDIC is     of increasing globalization and       tions fail. In recent years, the FDIC\nto ensure that the Deposit Insur-        the interdependence of finan-         has taken a number of measures to\nance Fund (DIF) remains viable to        cial and economic systems, the        strengthen its oversight of the risks\nprotect depositors in the event of       FDIC also supports the devel-         to the insurance fund posed by\nan institution\xe2\x80\x99s failure. This fund      opment and maintenance of             the largest institutions, and its key\nwas at $45.2 billion as of June 30,      effective deposit insurance and       programs include the following:\n2008, but had decreased to $34.6         banking systems world-wide.             \xe2\x80\xa2\tLarge Insured Depository\nbillion during the third quarter         Primary responsibility for identi-      \t Institution Program,\nof 2008. To maintain sufficient          fying and managing risks to the\nDIF balances, the FDIC collects                                                  \xe2\x80\xa2\tDedicated Examiner Program,\n                                         DIF lies with the FDIC\xe2\x80\x99s Division\nrisk-based insurance premiums            of Insurance and Research, DSC,         \xe2\x80\xa2\tShared National Credit\nfrom insured institutions and            and DRR. To help integrate the          \t Program, and\ninvests deposit insurance funds.         risk management process, the            \xe2\x80\xa2\tOff-site monitoring systems.\nThe FDIC, in cooperation with the        FDIC established the National\nother primary federal regulators,        Risk Committee, a cross-divisional    The Congress enacted deposit\nproactively identifies and evalu-        body. Also, a Risk Analysis Center    insurance reform in early 2006 to\nates the risk and financial condi-       monitors emerging risks and           give the FDIC more discretion in\ntion of every insured depository         recommends responses to the           managing the DIF and allow the\ninstitution. The FDIC also identifies    National Risk Committee. In addi-     Corporation to better price deposit\nbroader economic and financial           tion, a Financial Risk Committee      insurance based on risk. In 2006,\nrisk factors that affect all insured     focuses on how risks impact the       the Board adopted a number of\ninstitutions. The FDIC is committed      DIF and financial reporting.          final rules implementing specific\nto providing accurate and timely                                               reforms concerning the one-time\n                                         Large banks pose unique risks         assessment credit, risk-based\nbank data related to the financial       to the DIF, as illustrated by the\ncondition of the banking industry.                                             assessments, the designated\n                                         failure of IndyMac Bank in July       reserve ratio, and put in place\n                                                                                                                  21\n\x0c                                                               Mrs. Lydia Lobsiger was the first\n                                                               insured depositor paid by the\n                                                               FDIC. She received her payment of\n                                                               $1,250 at a closed bank in Peoria,\n                                                               Illinois, in July 1934.\n\n\n\n\na temporary rule for dividends.          viability of the DIF, the OIG\xe2\x80\x99s 2008         Liquidation Fund portfolios are\nIn 2007, the Corporation made            performance goals were as                    managed consistent with the\nsignificant changes to its infor-        follows:                                     FDIC\xe2\x80\x99s approved investment poli-\nmation technology (IT) systems             \xe2\x80\xa2\tEvaluate corporate programs to           cies, procedures, and practices.\nand business processes in order            \t identify and manage risks in             This assignment is a follow-on\nto prepare invoices and collect            \t the banking industry that can            to work we conducted in 2005\nassessments in accordance with             \t cause losses to the fund.                related to the FDIC\xe2\x80\x99s investment\nthe new risk-based assessment                                                         policies. The FDIC Chairman at\nand credit rules. In September             \xe2\x80\xa2\tEvaluate selected aspects of             the time requested that the OIG\n2007, the Board adopted an                 \t implementation of deposit                conduct an independent audit of\nadvance notice of proposed                 \t insurance reform.                        the corporate investment program\nrulemaking seeking comment on                                                         every 3 years and include the\nalternative approaches to allocate       OIG Work in Support of Goal 2                investment policies applicable to\ndividends. During 2008, the FDIC                                                      the National Liquidation Fund.\n                                         As of the end of the reporting\nexpected to publish proposed and                                                      Also at the end of the reporting\n                                         period, we had two ongoing\nfinal dividend rules to replace the                                                   period, we were anticipating\n                                         audits in this strategic goal area.\ntemporary rule, which will sunset                                                     conducting work related to the\n                                         In the first, we are assessing the\nat the end of this year. The Corpo-                                                   IndyMac failure, in such areas as\n                                         Corporation\xe2\x80\x99s internal controls\nration will continue to modify                                                        the FDIC\xe2\x80\x99s monitoring and aware-\n                                         for performing off-site moni-\nas necessary the processes and                                                        ness of the institution, its planning\n                                         toring activities of insured\nsystems implementing the new                                                          of resolution activities, and its\n                                         depository institutions. As part\nrules and evaluate the effective-                                                     execution of closing activities.\n                                         of this review, we are assessing\nness of the new assessment\n                                         the FDIC\xe2\x80\x99s implementation of\nmethods and processes in light\n                                         recommendations made by the\nof recent events. Finally, for both\n                                         Government Accountability Office\n2007 and 2008, the Board adopted\n                                         pertaining to strengthening the\na designated (target) reserve ratio\n                                         FDIC\xe2\x80\x99s risk assessment activities\nof 1.25 percent, which has resulted\n                                         through periodic reviews and\nin the need to set risk-based\n                                         evaluations of the Corporation\xe2\x80\x99s\nassessment rates above the base\n                                         off-site monitoring systems.\nrate schedule in order to gradually\nraise the reserve ratio to the target.   We have also contracted with\nAs of the third quarter of 2008,         KPMG, LLP (KPMG) to perform\nthat ratio was at 0.76 percent. A        an audit of the FDIC investment\nrecent FDIC DIF restoration plan         program, including the DIF\nand an assessments proposal are          portfolio and the National Liquida-\nintended to replenish the fund.          tion Fund. The audit objective is\n                                         to assess the FDIC\xe2\x80\x99s controls for\nTo help the FDIC maintain the\n                                         ensuring that the DIF and National\n22\n\x0c                                        Strategic Goal 3:\n                                        The OIG Will Assist\n                                        the FDIC to Protect\n                                                                                          3\n                                        Consumer Rights\n                                        and Ensure Customer\n                                        Data Security\n                                        and Privacy\n\n\n\n\nC\nConsumer protection laws are              \xe2\x80\xa2\tThe Truth in Lending Act            and regulations and banking\nimportant safety nets for Ameri-          \t requires meaningful disclosure      practices. The volume of calls\ncans. The U.S. Congress has long          \t of credit and leasing terms.        and inquiries to the Call Center\nadvocated particular protections          \xe2\x80\xa2\tThe Fair and Accurate Credit\n                                                                                increased significantly during the\nfor consumers in relationships with       \t Transaction Act further\n                                                                                reporting period, largely due to\nbanks. For example:                       \t strengthened the country\xe2\x80\x99s\n                                                                                the increase in bank failures and\n                                                                                consumer concerns regarding\n  \xe2\x80\xa2\tThe Community Reinvest-               \t national credit reporting\n                                                                                insurance coverage and the safety\n  \t ment Act encourages federally         \t system and assists financial\n                                                                                and soundness of their banks.\n  \t insured banks to meet the             \t institutions and consumers in\n  \t credit needs of their entire          \t the fight against identity theft.   Recent events in the credit and\n  \t community.                          The FDIC serves a number of key\n                                                                                mortgage markets present\n                                                                                regulators, policymakers, and the\n  \xe2\x80\xa2\tThe Equal Credit Opportunity        roles in the financial system and\n                                                                                financial services industry with\n  \t Act prohibits creditor practices    among the most important is the\n                                                                                serious challenges. The Chairman\n  \t that discriminate based on          FDIC\xe2\x80\x99s work in ensuring that banks\n                                                                                is committed to working with the\n  \t race, color, religion, national     serve their communities and\n                                                                                Congress and others to ensure\n  \t origin, sex, marital status, or     treat consumers fairly. The FDIC\n                                                                                that the banking system remains\n  \t age.                                carries out its role by providing\n                                                                                sound and that the broader\n                                        consumers with access to infor-\n  \xe2\x80\xa2\tThe Home Mortgage Disclo-                                                   financial system is positioned\n                                        mation about their rights and\n  \t sure Act was enacted to                                                     to meet the credit needs of the\n                                        disclosures that are required by\n  \t provide information to the                                                  economy, especially the needs\n                                        federal laws and regulations and\n  \t public and federal regula-                                                  of creditworthy households that\n                                        examining the banks where the\n  \t tors regarding how depository                                               may experience distress. Another\n                                        FDIC is the primary federal regu-\n  \t institutions are fulfilling their                                           important FDIC initiative and a\n                                        lator to determine the institutions\xe2\x80\x99\n  \t obligations towards commu-                                                  priority for the FDIC Chairman\n                                        compliance with laws and regula-\n  \t nity housing needs.                                                         has been to promote expanded\n                                        tions governing consumer protec-\n  \xe2\x80\xa2\tThe Fair Housing Act prohibits                                              opportunities for the underserved\n                                        tion, fair lending, and community\n  \t discrimination based on race,                                               banking population in the United\n                                        investment. As of June 30, 2008,\n  \t color, religion, national origin,                                           States to enter and better under-\n                                        the Corporation had conducted\n  \t sex, familial status, and hand-                                             stand the financial mainstream\n                                        866 Community Reinvestment\n  \t icap in residential real-estate-                                            and the protections afforded\n                                        Act/Compliance examinations.\n  \t related transactions.                                                       them by deposit insurance.\n                                        As a means of remaining respon-\n  \xe2\x80\xa2\tThe Gramm-Leach Bliley Act          sive to consumers, the FDIC\xe2\x80\x99s           In 2007, the federal bank, thrift,\n  \t eliminated barriers preventing      Consumer Response Center                and credit union regulatory\n  \t the affiliations of banks with      investigates consumer complaints        agencies issued the Statement\n  \t securities firms and insurance      about FDIC-supervised institu-          on Subprime Mortgage Lending to\n  \t companies and mandates new          tions and responds to consumer          address issues relating to certain\n  \t privacy rules.                      inquiries about consumer laws           adjustable-rate mortgage prod-\n                                                                                                                 23\n\x0cucts that can result in payment        increasing globalization and cost     fraud to Internet scams such as\nshock. The statement describes         saving benefits of the financial      \xe2\x80\x9cphishing\xe2\x80\x9d and \xe2\x80\x9cpharming\xe2\x80\x9d.\nprudent safety and soundness and       services industry are leading         The misuse of the FDIC\xe2\x80\x99s name or\nconsumer protection standards          many banks to make greater            logo has also been identified as\nthat institutions should follow to     use of foreign-based service          a scheme to defraud depositors.\nensure borrowers obtain loans          providers. Although generally         Such misrepresentations have\nthey can afford to repay. The agen-    permissible, this outsourcing         led depositors to invest on the\ncies also published illustrations of   practice raises certain risks. The    strength of FDIC insurance while\nconsumer information designed          obligations of a financial institu-   misleading them as to the true\nto help institutions implement         tion to protect the privacy and       nature of the investment products\nthe consumer protection portion        security of information about its     being offered. These depositors,\nof the Interagency Guidance on         customers under applicable U.S.       who are often elderly and depen-\nNontraditional Mortgage Product        laws and regulations remain in        dent on insured savings, have lost\nRisks. The illustrations should help   full effect when the institution      millions of dollars in the schemes.\nconsumers better understand            transfers the information to either   Further, abuses of this nature\nnontraditional mortgage prod-          a domestic or foreign-based           may erode public confidence\nucts and associated payment            service provider. In June 2008,       in federal deposit insurance. As\noptions. The FDIC continues to         the FDIC published Guidance           discussed in previous semian-\nfocus attention on ensuring that       for Managing Third-Party Risk,        nual reports, the OIG has been a\nthe industry and consumers             which identifies sound prac-          strong proponent of legislation\nunderstand the risks and benefits      tices to help banks avoid safety      to address such misrepresenta-\nassociated with various mortgage       and soundness and compliance          tions. We are pleased that the\nlending activities and programs.       problems that can result from         Emergency Economic Stabilization\nThe Chairman\xe2\x80\x99s public education        such third-party relationships.       Act of 2008, signed by the Presi-\ncampaign on deposit insurance in       Every year fraud schemes rob          dent on October 3, 2008 contains\nconjunction with the FDIC\xe2\x80\x99s 75th       depositors and financial institu-     provisions that address this issue.\nanniversary and her emphasis\n                                       tions of millions of dollars. The     Investigative work related to such\non the importance of personal\n                                       OIG\xe2\x80\x99s Office of Investigations        fraudulent schemes is ongoing\nsavings and responsible finan-\n                                       can identify, target, disrupt, and    and will continue. With the help\ncial management are additional\n                                       dismantle criminal organiza-          of sophisticated technology, the\nconsumer-focused initiatives.\n                                       tions and individual operations       OIG continues to work with FDIC\nConsumers today are also               engaged in fraud schemes that         divisions and other federal agen-\nconcerned about data security          target our financial institutions     cies to help with the detection of\nand financial privacy. Banks are       or that prey on the banking           new fraud patterns and combat\nincreasingly using third-party         public. OIG investigations have       existing fraud. Coordinating\nservicers to provide support for       identified multiple schemes that      closely with the Corporation\ncore information and transaction       defraud depositors. Common            and the various U.S. Attorneys\xe2\x80\x99\nprocessing functions. Of note, the     schemes range from identity           Offices, the OIG will help to sustain\n24\n\x0cpublic confidence in federal            data. Results of this assignment       Identity theft also continues to\ndeposit insurance and goodwill          will be reported in an upcoming        become more sophisticated, and\nwithin financial institutions.          semiannual report. At the Chair-       the number of victims is growing.\nTo assist the FDIC to protect           man\xe2\x80\x99s request, our evaluations         Identity theft includes using\nconsumer rights and ensure              group is also conducting work in       the Internet for crimes such as\ncustomer data security and              the area of enforcement actions        \xe2\x80\x9cphishing\xe2\x80\x9d emails and \xe2\x80\x9cpharming\xe2\x80\x9d\nprivacy, the OIG\xe2\x80\x99s 2008 perfor-         for compliance violations.             Web sites that attempt to trick\nmance goals were as follows:            Investigative work related to          people into divulging their private\n                                        protection of personal infor-          financial information. Schemers\n  \xe2\x80\xa2\tContribute to the effective-                                               pretend to be legitimate busi-\n  \t ness of the Corporation\xe2\x80\x99s efforts   mation and misrepresenta-\n                                        tion of deposit insurance also         nesses or government entities\n  \t to ensure compliance with                                                  with a need for the information\n  \t consumer protections at FDIC-       supported this strategic goal\n                                        area during the reporting              that is requested. The OIG\xe2\x80\x99s Elec-\n  \t supervised institutions.                                                   tronic Crimes Unit (ECU) responds\n                                        period, as described below.\n  \xe2\x80\xa2\tConduct investigations of                                                  to such phishing and pharming\n  \t fraudulent representations of       Office of Investigations Works         scams involving the FDIC and the\n  \t FDIC affiliation or insurance       to Curtail Misrepresentation of        OIG, as described further below.\n  \t that negatively impact public       FDIC Insurance or Affiliation and\n  \t confidence in the banking           Identity Theft Schemes                 Florida Man Pleads Guilty to\n  \t system.                                                                    Securities Fraud in Hedge Fund\n                                        As illustrated in the example          Scheme\n                                        below, unscrupulous individuals\nOIG Work in Support of Goal 3           sometimes attempt to misuse the        On July 22, 2008, in the Northern\n                                        FDIC\xe2\x80\x99s name, logo, abbreviation,       District of Texas, the former\nAt the end of the reporting                                                    co-owner of Capital 1st Financial,\nperiod, we had an audit assign-         or other indicators to suggest that\n                                                                               pleaded guilty to an Information\nment ongoing in support of this         deposits or other products are fully\n                                                                               charging him with one count of\ngoal related to consumer credit         insured. Such misrepresentations\n                                                                               securities fraud.\nunderwriting practices in commu-        induce the targets of schemes to\nnity banks. In that audit, we are       trust in the strength of FDIC insur-   The former co-owner of the firm\nassessing the FDIC\xe2\x80\x99s risk manage-       ance while misleading them as to       is the third defendant charged\nment examination coverage               the true nature of the insurance       in this securities fraud case. He\nof financial institutions\xe2\x80\x99 under-       investments being offered. Abuses      and his associates misled inves-\nwriting practices for consumer          of this nature harm consumers          tors into purchasing interest in\nloans not secured by real estate.       and can also erode public confi-       a hedge fund known as Secured\nSpecifically, we are assessing the      dence in federal deposit insur-        Capital Trust (SCT). He received\nFDIC\xe2\x80\x99s coverage of underwriting         ance. Our Office of Investigations     approximately $5,230,973 from\npractices for Other Consumer            works to counteract these abuses       investors through the sale of SCT\nLoans, which are reported as part       and also partners with others          in a marketing scheme involving\nof the institutions\xe2\x80\x99 Call Report        to pursue cases of this type.          representations of FDIC insur-\n\n                                                                                                                25\n\x0cance. The marketing scheme             subsequently fell and the investors      closed financial institutions and\nincluded newspaper advertise-          lost the majority of their funds.        employee misconduct cases\nments for FDIC-insured certificates    The receiver\xe2\x80\x99s Web site indicates        involving the improper use of\nof deposit paying above market         investors will lose about 95             FDIC computers. The forensic\nrates. When investors responded        percent of their investment in SCT.      computer assistance involved the\nto the advertisements, they were       Source: The U.S. Securities and          analysis of electronic evidence\n\xe2\x80\x9cbaited and switched\xe2\x80\x9d into SCT.        Exchange Commission and the FBI.         gathered from computers and\n                                       Responsible Agencies: Joint investiga-   other electronic media. The ECU\nAnother individual, who previously     tion by the FDIC OIG and the FBI.\npleaded guilty in this case, was the                                            typically searches the electronic\nprimary salesman of SCT and told                                                evidence for key-words or phrases;\n                                       Electronic Crimes Unit Success\ninvestors that the funds invested                                               searches for documents, emails,\n                                       During the reporting period, the         and other artifacts; and recreates\nin SCT were placed in FDIC-insured\n                                       ECU continued its casework related       specialized software applications\ncertificates of deposit or pools\n                                       to fraudulent emails involving           such as accounting software.\nof FDIC-insured certificates of\n                                       the FDIC. The emails, purport-\ndeposit. The former co-owner of\n                                       edly from the FDIC, attempted to\nCapital 1st then used the funds\n                                       entice victims to divulge personal\nfrom the sale of SCT to purchase\n                                       information and/or pay a deposit\nshares of Interfinancial Holdings\n                                       to receive an insurance settle-\nCorporation, a thinly-traded penny\n                                       ment. To date, in investigating\nstock trading under the ticker\n                                       these cases, the ECU was able to\nsymbol IFCH. He failed to disclose\n                                       have 51 fraudulent email accounts\nto investors that he and his\n                                       deactivated. In these cases, the\npartners owned millions of shares\n                                       ECU traced the schemes to loca-\nof IFCH and they were receiving\n                                       tions outside of the United States.\n\xe2\x80\x9ckickbacks\xe2\x80\x9d for purchasing IFCH\n                                       The ECU has made contact with\nstock with investor funds.\n                                       law enforcement in the foreign\nAnother individual who has also        country where the emails appear\npleaded guilty in this case partici-   to have originated and will\npated in the scheme by purchasing      continue to work with foreign\nand selling IFCH stock on the open     law enforcement in investigating\nmarket in an attempt to manipu-        these fraudulent schemes that\nlate and increase the share price.     falsely use the FDIC name.\nThe State of Florida, Office of        The ECU also provided forensic\nFinancial Regulations, filed a         computer assistance on 17 existing\ntemporary injunction, appointed        and 8 new FDIC OIG cases during\na receiver, and shut down Capital      the reporting period. The cases\n1st Financial. The IFCH stock price    involved bank fraud at open and\n\n26\n\x0c                                         Strategic Goal 4:\n                                         The OIG Will Help\n                                         Ensure that the FDIC\n                                                                                          4\n                                         is Ready to Resolve\n                                         Failed Banks and\n                                         Effectively Manages\n                                         Receiverships\n\n\n\n\nT\nThe FDIC protects depositors               \t liquidating any remaining         2008. As conservator, the FDIC has\nof insured banks and savings               \t assets; and distributing any      been operating IndyMac Federal\nassociations. In the FDIC\xe2\x80\x99s history,       \t proceeds to the FDIC, the bank    Bank, FSB to maximize the value\nno depositor has experienced a             \t customers, general creditors,     of the institution for a future sale\nloss on the insured amount of his          \t and those with approved           and to maintain banking services\nor her deposit in an FDIC-insured          \t claims.                           in the communities formerly\ninstitution due to a failure. One        The FDIC\xe2\x80\x99s resolution and receiver-\n                                                                               served by IndyMac Bank, F.S.B.\nof the FDIC\xe2\x80\x99s most important             ship activities pose tremendous       During 2008 through the end of\nroles is acting as the receiver          challenges. As indicated by the       October, 17 FDIC-insured institu-\nor liquidating agent for failed          trends in mergers and acquisi-        tions have failed. This number\nFDIC-insured institutions. The           tions, banks have become more         compares to three failures in 2007\nsuccess of the FDIC\xe2\x80\x99s efforts in         complex, and the industry is          and no failures prior to that since\nresolving troubled institutions has      consolidating into larger organi-     June 2004. The number of problem\na direct impact on the banking           zations. As a result, the FDIC has    institutions increased during the\nindustry and on the taxpayers.           been called upon to handle failing    third quarter from 117 to 171.\nDRR\xe2\x80\x99s responsibilities include           institutions with significantly       Correspondingly, total assets of\nplanning and efficiently handling        larger numbers of insured deposits    problem institutions increased\nthe resolutions of failing FDIC-         than it has had to deal with in       from $78.3 billion to $115.6\ninsured institutions and providing       the past. As referenced earlier       billion. At the end of the reporting\nprompt, responsive, and efficient        in this report, one such institu-     period, DRR was managing the\nadministration of failing and            tion was IndyMac Bank, F.S.B.,        IndyMac conservatorship and\nfailed financial institutions in         Pasadena, CA, with estimated          selling receivership assets from 12\norder to maintain confidence and         losses to the DIF of $8.9 billion.    recent bank failures. To meet its\nstability in our financial system.       IndyMac was closed on July 11 by\n                                                                               workload demands, DRR has been\n                                                                               authorized to hire both perma-\n  \xe2\x80\xa2\tThe resolution process               the Office of Thrift Supervision.\n                                                                               nent and temporary employees.\n  \t involves valuing a failing feder-    The FDIC was named conservator.\n                                                                               DRR is also taking advantage of\n  \t ally insured depository institu-     The FDIC subsequently transferred\n                                                                               the Corporation\xe2\x80\x99s cross-training to\n  \t tion, marketing it, soliciting and   insured deposits and substantially\n                                                                               create a flexible workforce where\n  \t accepting bids for the sale of       all the assets of IndyMac Bank,\n                                                                               examiners can support resolution\n  \t the institution, considering the     F.S.B., Pasadena, CA, to IndyMac\n                                                                               activities and resolution specialists\n  \t least costly resolution method,      Federal Bank, FSB. Brokered\n                                                                               can support examination activities.\n  \t determining which bid to             deposits are held by the FDIC and\n  \t accept, and working with the         those insured deposits are paid       The FDIC must set far-reaching\n  \t acquiring institution through        off when the insurance deter-         plans for the future to keep pace\n  \t the closing process.                 mination is completed. IndyMac        with a changing industry. DRR has\n                                         Bank, F.S.B. had total assets of      developed models to train FDIC\n  \xe2\x80\xa2\tThe receivership process\n                                         $32.01 billion and total deposits     staff and prepare for differing\n  \t involves performing the closing\n                                         of $19.06 billion as of March 31,     circumstances. One major corpo-\n  \t function at the failed bank;\n                                                                                                                 27\n\x0c            June 29, 1939: Interior view of the closed Hamilton Trust Co. of Patterson, New Jersey,\n            as FDIC officials started paying out 21,000 depositors the $2.7 million representing\n            their insured claims.\n\n\n\nrate initiative has been the Corpo-            To help ensure the FDIC is ready                   large bank failures, including the\nration\xe2\x80\x99s Strategic Readiness Project,          to resolve failed banks and                        Corporation\xe2\x80\x99s efforts to develop\nwhich the OIG has monitored since              effectively manages receiver-                      and implement a new insurance\nproject inception, as discussed                ships, the OIG\xe2\x80\x99s 2008 perfor-                      determination system by 2009.\nbelow. We understand that                      mance goals were as follows:                       These efforts are discussed below:\nproject has been deferred in light                \xe2\x80\xa2\tEvaluate the FDIC\xe2\x80\x99s plans and\nof current resolution activities.                                                                 Contingency Planning for Large-\n                                                  \t systems for managing bank                     Scale Resolution Activity\nWhile OIG audits and evaluations                  \t resolutions.\naddress various aspects of resolu-                                                                Our evaluation objectives were\n                                                  \xe2\x80\xa2\tInvestigate crimes involved in\ntion and receivership activities, OIG                                                             to (1) assess the FDIC\xe2\x80\x99s strate-\n                                                  \t or contributing to the failure\ninvestigations benefit the Corpora-                                                               gies and plans to be prepared for\n                                                  \t of financial institutions or\ntion in other ways. That is, in the                                                               large-scale resolution activity and\n                                                  \t which lessen or otherwise                     (2) identify any gaps or obstacles\ncase of bank closings where fraud                 \t affect recoveries by the DIF,\nis suspected, our Office of Investi-                                                              associated with the tactical\n                                                  \t involving restitution or other-               aspects of carrying out large-scale\ngations (OI) sends case agents and                \t wise.\ncomputer forensic special agents                                                                  resolution efforts and suggest\nfrom the ECU to the institution.                                                                  opportunities for improvement.\nECU agents use special investiga-              OIG Work in Support of Goal 4                      Tactical issues are the logistics\ntive tools to provide computer                 During the reporting period, the                   associated with deploying people,\nforensic support to OI\xe2\x80\x99s investiga-            OIG completed multiple assign-                     equipment, and supplies, and\ntions by obtaining, preserving, and            ments in support of this strategic                 downloading and processing\nlater examining evidence from                  goal area. Our Evaluations group                   data to necessary systems.\ncomputers at the bank. During the              reviewed the FDIC\xe2\x80\x99s Contingency                    We reported that the FDIC had\nreporting period, OI attended 10               Planning for Large-Scale Reso-                     taken contingency planning\nbank closings and provided foren-              lution Activity. With the failure                  seriously for a number of years\nsics support for most of those.                of IndyMac in July, the IG and                     and had developed plans and\nThe OIG also coordinates closely               one of our staff conducted a                       processes for responding to\nwith DRR on concealment of assets              High-Level Controls Review of                      large-scale resolution activity.\ncases. In many instances, the FDIC             the IndyMac Conservatorship.                       However, we made several\ndebtors do not have the means                  Additionally, our Office of Audits                 observations related to project\nto pay fines or restitution owed to            conducted an audit of internal                     management of readiness efforts;\nthe Corporation. However, some                 control in the FDIC\xe2\x80\x99s receivership                 scenarios and baseline assump-\nindividuals do have the means to               accounting process and an audit                    tions used in planning docu-\npay but hide their assets and/or lie           of protection of resolution and                    ments; logistics testing for large or\nabout their ability to pay. OI works           receivership data managed or                       multiple bank scenarios; viability\nclosely with both DRR and the                  maintained by FDIC contractors.                    and credibility of personnel\nLegal Division in pursuing criminal            We also continued monitoring                       and contracting assumptions;\ninvestigations of these individuals.           corporate efforts to prepare for                   and coordination and plan-\n                                                                                                  ning for long-term IT needs.\n28\n\x0cWe provided our observations to           audit and risk management staff         on behalf of the receiverships by\nthe Director of DRR, members of           that the new focus of the conser-       Corporation employees. Receiv-\nthe Resolution Policy Committee,          vatorship should be on maxi-            ership billings reduce the cash\nselected division directors, the          mizing the value of the institution     available for dividend payments,\nActing Chief Operating Officer,           for a future sale, preserving the       including those to uninsured\nand the Chairman. In light of the         value of the assets, protecting         depositors and other claimants.\nFDIC\xe2\x80\x99s increased workload due             customer rights, and maintaining        Therefore, the FDIC\xe2\x80\x99s receivership\nto actual and expected failures           public confidence. Additionally         service billing process is intended\nthat began to occur in July, we           we suggested that a Chief Audit         to ensure effective cost monitoring\nconcluded our work as of June 24,         Executive be appointed and              and that control activities are in\n2008 so as not to interfere with          that planned audits and audit           place and observed to promote\nresolution efforts, and we offered        issues be pursued. Finally, we          fairness in servicing operations.\nto provide further assistance on          suggested that risk management          The Federal Deposit Insur-\nthe issues that we identified.            staff activities, mission, roles, and   ance Act permits the FDIC to\n                                          responsibilities be agreed upon.        charge its receiverships all of\nHigh-Level Controls Review of\n                                          FDIC generally agreed with              the expenses of liquidation as\nthe IndyMac Conservatorship\n                                          our suggestions and had                 are fixed by the FDIC. The FDIC\nWe conducted a high-level                 either taken or planned to              adopted an implementing\ncontrols review of IndyMac Federal        take action in response.                regulation governing administra-\nBank, FSB, the conservatorship                                                    tive expenses of a receivership.\nestablished for the closed thrift,        FDIC\xe2\x80\x99s Receivership Service             Additionally, the FDIC has devel-\nIndyMac Bank, F.S.B. in Pasadena,         Billing Process                         oped internal guidance related\nCalifornia. Our objective was             We conducted an audit to assess         to cost monitoring and control\nto provide FDIC management                the design and implementation           activities for receivership billings.\nsupervising the conservatorship           of controls over the FDIC\xe2\x80\x99s receiv-     We concluded that the FDIC\nwith information and suggestions          ership service billing process.         has designed and implemented\nregarding the continuing responsi-        Our audit focused on controls           controls over the receivership\nbilities of the internal audit and risk   intended to ensure that receiver-       service billing process to ensure\nmanagement functions. Our intent          ships are fairly and accurately         that receiverships are fairly and\nwas to assist the FDIC in a timely        billed in accordance with appli-        accurately billed in accordance\nmanner in protecting the value of         cable laws and regulations.             with applicable laws and regu-\nthe conservatorship and its assets\n                                          When an FDIC-insured institution        lations. The process for estab-\nand the integrity of its operations.\n                                          fails or is closed by a federal or      lishing the FDIC\xe2\x80\x99s 2008 service\nWe issued a memorandum to                 state regulatory agency, the FDIC       line rates for receivership bill-\nconservatorship management                is appointed as receiver. The FDIC      ings was documented in rate\nand made four suggestions. These          billed $21 million in 2007 to 45        cases approved by the FDIC\xe2\x80\x99s\nincluded clearly articulating and         receiverships for work conducted        Chief Financial Officer for each\ncommunicating to the internal                                                     service line. The six rate cases\n                                                                                                                      29\n\x0cwe examined were accurately             reviews conducted, including the       institutions. Such information\ncalculated and fully supported.         reasonableness of the charges.         includes personally identifiable\n                                                                               information (e.g., name, address,\nAlthough adequate controls have         Management concurred with\n                                                                               Social Security number, phone\nbeen designed and implemented           our recommendation and is\n                                                                               number, and account and loan\nto ensure that billings by service      taking responsive action.\n                                                                               data) for institution deposi-\nline are reviewed, controls for\n                                        Protection of Resolution and           tors, borrowers, and employees.\nensuring that billings are reviewed\n                                        Receivership Data Managed              DRR\xe2\x80\x99s BIS Section, located in the\nfor the receiverships can be\n                                        or Maintained by an FDIC               FDIC\xe2\x80\x99s Dallas Regional Office, is\nstrengthened. Specifically, DRR\n                                        Contractor                             responsible for securing all the\nis not providing the same level\n                                                                               operating systems, data, and\nof review to individual receiver-       The FDIC has established a risk-       hardware once a failing institu-\nships as that provided to the           based corporate-wide security          tion is closed. To that end, DRR\nservice lines. Such reviews, which      program and a privacy program          has established a Basic Ordering\ninclude certification, provide          to protect the sensitive informa-      Agreement (BOA) to obtain IT\nadded assurance that billings are       tion the Corporation manages.          support for the BIS Section. A\nreasonable. Fully documenting           These programs include guidance        BOA is an agreement setting forth\nthe receivership billing review         for contractors and FDIC to help       the terms and conditions to be\nprocedures, as well as the billing      ensure contractors are complying       applied to future task orders.\nreview results, and certifying the      with government-wide and FDIC\nReceivership Oversight Section          information security policies and      We determined that DRR\xe2\x80\x99s closing\nreviews similar to the review           procedures.                            support BOA contains the neces-\nprocess for service line billings                                              sary privacy and information\nwould help to ensure that the           We conducted an audit to (1)           security clauses consistent with\nFDIC thoroughly and consistently        determine whether the closing          FDIC guidance that was in place\nfulfills the role of advocate for the   support contract used by the DRR       when the FDIC awarded the\ninterests of the receiverships.         Business Information Systems (BIS)     contract. Moreover, the State-\n                                        Section contains privacy and infor-    ment of Work contains a clause\nWe recommended that FDIC                mation security clauses to protect     requiring that the contractor\nmanagement strengthen the               pre-closing and failed institution     comply with all FDIC policies and\nreceivership advocacy role of the       data and (2) evaluate the steps        procedures, including any new\nReceivership Oversight Section by:      the FDIC Oversight Manager (OM)        policies and procedures devel-\nupdating guidance, as necessary,        takes to ensure the contractor         oped during the contract term.\nto clarify instructions for receiver-   is complying with privacy and\nship billing reviews performed,         information security clauses.          The OM is taking multiple steps to\nincluding the frequency of                                                     ensure the contractor is aware of,\nreviews; fully documenting the          The FDIC collects sensitive            and complying with, the privacy\nreview procedures performed;            information when conducting            and information security clauses.\nand certifying or otherwise             resolution and receivership            For example, the OM reviewed\ndocumenting the results of              activities at FDIC-insured financial   the contractor\xe2\x80\x99s IT security plan\n30\n\x0c                                                  February 14, 1939: FDIC employees post a notice telling depositors\n                                                  their bank had failed and that their deposits were protected up to\n                                                  $5,000.\n\n\n\n\nand routinely monitors the status      to submit such agreements                     the Corporation\xe2\x80\x99s Claims Admin-\nof background investigations for       and maintain copies of those                  istration System-specifically,\ncontractor personnel. The OM is        agreements in the contract file.              we are attending status meet-\nplanning to take additional steps      Management concurred with our                 ings of the working group and\nto ensure the contractor has           recommendation and is taking                  offering perspectives to help\ncomplied with the FDIC\xe2\x80\x99s training      responsive corrective action.                 ensure the success of that effort.\nrequirements and to sustain\ncontractor attention regarding its     Monitoring the FDIC\xe2\x80\x99s Strategic\nresponsibilities for safeguarding      Readiness Project\ninformation. With regard to IT         The failure of a large bank is not\nequipment, the OM is working           only one of the greatest risks to\nto protect sensitive information       the DIF but it is also an event that\nmaintained on laptop computers         could shake the public\xe2\x80\x99s confi-\nformerly and currently in use.         dence in the nation\xe2\x80\x99s financial\nWe noted one area that                 system. Recognizing its role in\nwarranted additional attention.        resolving failed institutions and\nThe Contracting Officer and OM         maintaining public confidence,\nfound confidentiality agreements       the FDIC developed a Strategic\nfor only 32 (70 percent) of 46         Readiness Project to test and\ncontractor personnel. Such agree-      evaluate its processes for handling\nments document an individual\xe2\x80\x99s         a large bank failure. The purpose\nunderstanding of, and commit-          of the project, which began in\nment to, safeguarding data and are     January 2007, was to test the\na key security requirement under       command and control plan associ-\nthe contract. FDIC policy and the      ated with a large bank failure,\nBOA are clear that the Contracting     enhance the FDIC\xe2\x80\x99s ability to\nOfficer is responsible for ensuring    determine an effective resolution\nthat contractor personnel sign the     strategy, advance knowledge of\nagreements and for maintaining         the process, and identify lessons\nthem in the contract file.             learned. The FDIC\xe2\x80\x99s Corporate\n                                       University has directed this project\nTo further protect sensitive resolu-   and used focused exercises and\ntion and receivership information,     high-level simulations to test and\nwe recommended that the FDIC           evaluate its processes. During\nestablish controls to ensure that      the reporting period, the OIG\nContracting Officers obtain signed     continued to monitor this project.\nConfidentiality Agreements from\nall contractor personnel required      We have also continued to monitor\n\n\n                                                                                                                          31\n\x0c     5                     Strategic Goal 5:\n                           The OIG Will Promote\n                           Sound Governance and\n                           Effective Stewardship\n                           and Security of Human,\n                           Financial, IT, and\n                           Physical Resources\n\n\n\n\n     T\n     The FDIC must effectively manage       as of September 30, 2008, due        ments of its information systems\n     and utilize a number of critical       to the increase in receivership      containing personally identifiable\n     strategic resources in order to        and resolution activity and the      information that is consistent\n     carry out its mission successfully,    elevated examination workload.       with relevant privacy-related\n     particularly its human, financial,     Most of the increase is for hiring   policy, guidance, and standards.\n     IT, and physical resources.            non-permanent employees              Supplementing the FDIC work-\n                                            to aid in the current crisis.\n     Human Resources: In the after-                                              force are contractors providing\n     math of corporate downsizing,          In the interest of making the FDIC   services for the Corporation.\n     and in light of a growing number       an employer of choice, increasing    According to the Corporation\xe2\x80\x99s\n     of employees with retirement           FDIC employee engagement             New Financial Environment\n     eligibility, the FDIC was faced        and empowerment, enhancing           data, the FDIC had $1.61 billion\n     with significant human capital         trust between FDIC managers          in outstanding contracts as of\n     challenges. The FDIC established       and employees, and refining the      September 30, 2008, and had\n     a human capital framework and          Corporation\xe2\x80\x99s pay-for-performance    awarded approximately $505\n     strategy to guide its evolution        system, the Chairman of the FDIC     million in contracts during\n     toward a more flexible permanent       spearheaded a comprehensive          2008. As a good steward, the\n     workforce that would be capable        employee survey that was carried     FDIC must ensure it receives the\n     of responding rapidly to significant   out by an independent consulting     goods and services purchased\n     changes in the financial services      group during 2007. The Chairman      with corporate funds and have\n     industry or unexpected changes         has shown her commitment to          effective contractor oversight\n     in workload or priorities. The         effecting necessary changes          controls in place as well.\n     implementation of the Corporate        based on the results of the survey   Financial Resources: The Corpo-\n     Employee Program, the Succession       through her Culture Change Initia-   ration does not receive an\n     Management Program, and the            tive, which is currently underway.   annual appropriation, except\n     Leadership Development Program         In an age of identity theft risks,   for its OIG, but rather is funded\n     are initiatives to that end. To        another human capital manage-        by the premiums that banks\n     cross-train employees and build a      ment responsibility at the FDIC      and thrift institutions pay for\n     more diverse and ready workforce,      is to maintain effective controls    deposit insurance coverage, the\n     the FDIC also created the Profes-      to protect personal employee-        sale of assets recovered from\n     sional Learning Account program        related information that the         failed banks and thrifts, and\n     to allocate time and money             Corporation possesses. The           from earnings on investments\n     for each qualified employee to         appointment of a chief privacy       in U.S. Treasury securities.\n     manage, in partnership with            officer and implementation of\n     the employee\xe2\x80\x99s supervisor, the                                              The FDIC Board of Directors\n                                            a privacy program have been          approves an annual Corporate\n     employee\xe2\x80\x99s learning goals.             positive steps in addressing that    Operating Budget to fund the\n     The FDIC\xe2\x80\x99s authorized staffing         challenge. Further, the FDIC         operations of the Corporation.\n     increased from 4,810 at the            has established a process for        For 2008, the approved budget\n     beginning of the year to 5,621         conducting privacy impact assess-    totaled $1.14 billion. The operating\n32\n\x0cbudget provides resources for the       in insurance, supervision and          agency. Section 522 of the Consoli-\noperations of the Corporation\xe2\x80\x99s         consumer protection, and receiv-       dated Appropriations Act of 2005\nthree major programs or business        ership management, and to              requires agencies to establish and\nlines\xe2\x80\x94Insurance, Supervision, and       improve the operational effi-          implement comprehensive privacy\nReceivership Management\xe2\x80\x94as              ciency of its business processes.      and data protection procedures\nwell as its major program support       The FDIC needs to continue to          and have periodic third-party\nfunctions (legal, administrative,       focus on the capital planning and      reviews performed of their\nfinancial, IT, etc.). Program support   investment processes for IT and        privacy programs and practices.\ncosts are allocated to the three        maximize the effectiveness of the      Physical Resources: The FDIC\nbusiness lines so that the fully        Chief Information Officer Council      employs approximately 4,800\nloaded costs of each business line      and Project Management Office,         people. It is headquartered in\nare displayed in the operating          both of which play an important        Washington, D.C., but conducts\nbudget approved by the Board.           role in reviewing the portfolio of     much of its business in six\n                                        approved IT projects and other\nIn addition to the Corporate                                                   regional offices and in field offices\n                                        initiatives. The Corporation has\nOperating Budget, the FDIC has a                                               throughout the United States.\n                                        also worked to enhance its Enter-\nseparate Investment Budget that                                                Ensuring the safety and security of\n                                        prise Architecture program by\nis composed of individual project                                              the human and physical resources\n                                        identifying duplicative resources/\nbudgets approved by the Board                                                  in those offices is a fundamental\n                                        investments and opportunities for\nof Directors for major investment                                              corporate responsibility that\n                                        internal and external collaboration\nprojects. Budgets for invest-                                                  is directly tied to the Corpora-\n                                        to promote operational improve-\nment projects are approved on a                                                tion\xe2\x80\x99s successful accomplishment\n                                        ments and cost-effective solu-\nmulti-year basis, and funds for an                                             of its mission. The FDIC needs\n                                        tions to business requirements.\napproved project may be carried                                                to be sure that its emergency\nover from year to year until the        Along with the positive benefits       response plans provide for the\nproject is completed. A number          that IT offers comes a certain         safety and physical security of\nof the Corporation\xe2\x80\x99s more costly        degree of risk. In that regard,        its personnel and ensure that its\nIT projects are approved as part of     information security has been          business continuity planning and\nthe investment budget process.          a long-standing and widely             disaster recovery capability keep\n                                        acknowledged concern among             critical business functions opera-\nExpenditures from the Corpo-\n                                        federal agencies. The Federal Infor-   tional during any emergency.\nrate Operating and Investment\n                                        mation Security Management Act         Corporate Governance and\nBudgets are paid from two funds\n                                        requires each agency to develop,       Risk Management: The FDIC is\nmanaged by the FDIC\xe2\x80\x94the DIF\n                                        document, and implement an\nand the Federal Savings and Loan                                               managed by a five-person Board\n                                        agency-wide information security\nInsurance Corporation Resolution                                               of Directors, all of whom are\n                                        program to provide adequate\nFund.                                                                          appointed by the President and\n                                        security for the information and       confirmed by the Senate, with no\nIT Resources: At the FDIC, the          information systems that support       more than three being from the\nCorporation seeks to leverage           the operations and assets of the       same political party. The Board\nIT to support its business goals\n                                                                                                                  33\n\x0cincludes the Comptroller of the           \xe2\x80\xa2\tPromote integrity in FDIC          the reporting period that fed into\nCurrency and the Director of the          \t internal operations.               our FISMA work, we contracted\nOffice of Thrift Supervision. Given       \xe2\x80\xa2\tPromote alignment of IT with       with KPMG to audit and report\nthe relatively frequent changes           \t the FDIC\xe2\x80\x99s business goals and      on the FDIC\xe2\x80\x99s controls over the\nin the Board make-up, it is essen-        \t objectives.                        confidentiality of sensitive email\ntial that strong and sustainable                                               communications. Additionally,\ngovernance and communication              \xe2\x80\xa2\tPromote IT security measures       we audited controls over contract\nprocesses be in place throughout          \t that ensure the confidentiality,   invoice approval, payment, and\nthe FDIC and that Board members           \t integrity, and availability of     posting to the general ledger. One\npossess and share the information         \t corporate information.             of our evaluations addressed the\nneeded at all times to understand         \xe2\x80\xa2\tPromote personnel and              energy efficiency of the FDIC\xe2\x80\x99s\nexisting and emerging risks and           \t physical security.                 Virginia Square facility, including\nmake sound policy and manage-                                                  the Student Residence and IT\nment decisions.                           \xe2\x80\xa2\tPromote sound corporate            Data Centers. Another evaluation\n                                          \t governance and effective           this period followed up on work\nEnterprise risk management is a           \t risk management and internal       we conducted for the Chairman\nkey component of governance.              \t control efforts.                   regarding IT procurement integ-\nThe FDIC\xe2\x80\x99s numerous enterprise\n                                                                               rity and governance. Again, at her\nrisk management activities need\n                                        OIG Work in Support of Goal 5          request, we explored options for\nto consistently identify, analyze,\n                                        The OIG committed a number of          adding an independent review\nand mitigate operational risks\n                                        audit and evaluation resources         of IT project data at key decision\non an integrated, corporate-\n                                        to work in this strategic goal area    points in the selection and control\nwide basis. Additionally, such\n                                        during the reporting period. We        phases of the IT governance\nrisks need to be communicated\n                                        performed an audit of the Corpo-       process. Results of these reviews\nthroughout the Corporation and\n                                        ration\xe2\x80\x99s controls over contractor      are discussed below. Additionally,\nthe relationship between internal\n                                        payments for relocation services       ongoing or planned work in this\nand external risks and related\n                                        and another audit of controls          area as of the end of the reporting\nrisk mitigation activities should\n                                        over background checks of child        period includes evaluations of\nbe understood by all involved.\n                                        care provider personnel. In the        the FDIC\xe2\x80\x99s Corporate Employee\nTo promote sound governance                                                    Program and security guard\n                                        IT area, we audited the reliability\nand effective stewardship                                                      services and audits of the FDICcon-\n                                        of information accessed through\nand security of human, finan-                                                  nect system and the Corporation\xe2\x80\x99s\n                                        the Virtual Supervisory Informa-\ncial, IT, and physical resources,                                              contract with Aramark.\n                                        tion on the Net system. One of our\nthe OIG\xe2\x80\x99s 2008 performance\n                                        most comprehensive reviews was\ngoals were as follows:\n                                        our audit of the FDIC\xe2\x80\x99s informa-\n     \xe2\x80\xa2\tEvaluate corporate efforts to    tion security program, pursuant\n     \t manage human resources and       to the Federal Information Secu-\n     \t operations efficiently, effec-   rity Management Act of 2002. In\n     \t tively, and economically.        another audit conducted during\n34\n\x0c                                                    First Board of Directors of the FDIC, sworn in at the Treasury Depart-\n                                                    ment, Washington, DC, on September 11, 1933.\n\n\n\n\nEnergy Efficiency of the FDIC\xe2\x80\x99s        discusses in the report. However,              One of our audits during the\nVirginia Square Facility and           implementing these initiatives will            reporting period focused on\nInformation Technology Data            require additional investments,                determining whether the FDIC\nCenter                                 which we have not attempted to                 has sound controls in place to\n                                       quantify. Consequently, we did not             ensure that costs billed to the\nWe engaged KPMG to conduct an\n                                       claim monetary benefits resulting              FDIC by Cartus for relocation\nevaluation of the Corporation\xe2\x80\x99s\n                                       from the recommendations.                      services are allowable, allocable,\nefforts to conserve energy in its\n                                                                                      and reasonable and in compli-\noperations of the Virginia Square      The Division of Administration\n                                                                                      ance with contract requirements.\nfacility, including the Student        (DOA) provided us a written\n                                                                                      As part of the audit, we engaged\nResidence Center and IT Data           response to the report and\n                                                                                      the Defense Contract Audit\nCenter and identify opportuni-         concurred or partially concurred\n                                                                                      Agency to examine selected\nties to further conserve energy        with all five recommendations.\n                                                                                      invoices submitted by Cartus.\nand/or reduce utility costs.\n                                       Controls Over Contractor                       We found that the Corpora-\nKPMG concluded that the FDIC           Payments for Relocation                        tion\xe2\x80\x99s Division of Finance (DOF)\nhas taken a number of actions          Services                                       has implemented a number of\nto improve the energy efficiency\n                                       The Corporation provides reloca-               important controls designed to\nof the Virginia Square facility\n                                       tion services and reimbursement                ensure that payments to Cartus\nand IT Data Center and identi-\n                                       of expenses for FDIC employees                 for relocation services are allow-\nfied leading practices that the\n                                       who change their official duty                 able, allocable, and reasonable\nFDIC has implemented that help\n                                       station for the benefit of the FDIC.           and in compliance with contract\nreduce energy consumption and\n                                       Certain retirees also receive some             requirements. We also found\nenergy costs. KPMG identified\n                                       relocation benefits. The FDIC                  that improvements are needed\nopportunities to further improve\n                                       has contracted with the Cartus                 in some areas to ensure sound\nthe FDIC\xe2\x80\x99s energy manage-\n                                       Corporation (Cartus) to provide                controls over the FDIC\xe2\x80\x99s payments\nment efforts and, in that regard,\n                                       eligible employees and retirees                to Cartus for relocation services.\nmade five recommendations.\n                                       with relocation services. During               We recommended that the\nKPMG has quantified the poten-         2006 and 2007, Cartus billed the               Director, DOF fully document\ntial cost savings associated with      FDIC about $11 million for reloca-             the control activities associated\nseveral specific initiatives associ-   tion expenses such as household                with contractor payments of the\nated with the Virginia Square          goods moving and storage costs,                monthly invoices for relocation\nfacility. We expect that the FDIC      lump-sum payments (such as                     expenses and the weekly invoices\ncan achieve and sustain far            airfare and lodging), miscellaneous            for the Home Sale Program\ngreater savings over time by           expense allowances, and real                   and formalize the monitoring\nimplementing the initiatives at        estate expenses. Cartus also billed            and periodic assessment of the\nall FDIC-owned buildings and by        the FDIC about $7.8 million during             controls over contractor payments\nestablishing a more programmatic       2007 for advances of home equity               for relocation services as part of\nand corporate-wide approach to         and mortgage payoffs related to                DOF\xe2\x80\x99s internal control program.\nenergy management, as KPMG             the FDIC\xe2\x80\x99s Home Sale Program.\n                                                                                                                             35\n\x0cDOF concurred with our                development centers warranting       monitor examination frequency\nrecommendations and plans             management\xe2\x80\x99s attention. We           and determine deposit insur-\nto take responsive actions.           made five recommendations to         ance assessments for financial\n                                      address concerns identified during   institutions. The FDIC\xe2\x80\x99s DSC is\nControls Over Background              the audit. The FDIC concurred        responsible for ensuring the\nChecks of Child Care Provider         with our recommendations and         reliability of supervisory informa-\nPersonnel                             took prompt action in response.      tion in each of these four areas.\nThe FDIC\xe2\x80\x99s DOA entered into a                                              We reviewed a sample of 75 of\n                                      Reliability of Supervisory Infor-\nMemorandum of Understanding                                                the 5,075 financial institutions for\n                                      mation Accessed Through the\nwith the Finding Dreams In Chil-                                           which the FDIC was the primary\n                                      Virtual Supervisory Information\ndren Child Development Centers,                                            federal regulator as of April 3,\n                                      on the Net (ViSION) System\nInc. (CDC) to provide the CDC                                              2008. For each of the 75 institu-\nwith space and certain services for   We conducted an audit to assess      tions, we verified supervisory\ntwo child development centers         the reliability of key supervisory   information accessed through the\nlocated in the FDIC\xe2\x80\x99s headquarters    information accessed through         ViSION system to source docu-\noffices. Key services provided by     the ViSION system, a mission-        mentation, such as hard copy\nthe FDIC under the Memorandum         critical FDIC system that provides   ROEs. We considered the informa-\nof Understanding include building     access to a broad range of           tion we assessed to be reliable\nsecurity to help ensure a safe        information related to insured       if it was accurate and complete\nphysical environment for the          financial institutions in support    as described in the Government\nchildren and background checks        of the Corporation\xe2\x80\x99s insurance       Accountability Office\xe2\x80\x99s publica-\nto help ensure the suitability of     and supervision programs. The        tion Assessing the Reliability of\nchild care provider personnel.        system serves approximately          Computer-Processed Data.\n                                      3,900 FDIC and outside agency\nWe conducted an audit to assess                                            Supervisory information accessed\n                                      users (primarily other federal\nthe FDIC\xe2\x80\x99s controls for performing                                         through the ViSION system was\n                                      and state regulatory agencies).\nbackground checks of child care                                            not fully reliable in each of the\nprovider personnel working in the     Key supervisory information          four areas that we assessed.\nFDIC\xe2\x80\x99s child development centers.     accessed through the ViSION\n                                                                           Unreliable information accessed\nAs part of the audit, we performed    system includes: (1) examina-\n                                                                           through the ViSION system can\nlimited procedures to assess          tion ratings used to evaluate the\n                                                                           limit the efficiencies that the FDIC\nbuilding security services related    safety and soundness of financial\n                                                                           intended to achieve through\nto the child development centers.     institutions; (2) BSA examina-\n                                                                           automation such as accurate,\n                                      tion information reported to the\nWe found that controls over                                                timely, and consistent data used\n                                      Department of the Treasury; (3)\nbackground checks of child                                                 for off-site monitoring of financial\n                                      safety and soundness Reports\ncare provider personnel needed                                             institutions. In addition, because\n                                      of Examination (ROE) provided\nimprovement, and we also identi-                                           ROE processing dates are used in\n                                      to financial institutions; and (4)\nfied building security vulner-                                             determining deposit insurance\n                                      ROE processing dates used to\nabilities related to the child                                             assessments, the reliability of\n36\n\x0cthose dates is critical to ensuring   the results of the assessment.        tion security provisions of FISMA\nthe integrity of premiums charged     DSC concurred with our recom-\n                                                                            and standards and guidelines of\nto insured financial institutions.    mendation and has planned\n                                                                            the National Institute of Standards\n                                                                            and Technology. Importantly, the\nDSC has taken steps to promote        to take responsive actions.\n                                                                            FDIC had established policies\nthe reliability of information\n                                      Independent Evaluation of the         and procedures in substantially\naccessed through the ViSION\n                                      FDIC\xe2\x80\x99s Information Security           all of the security control areas\nsystem. For example, DSC peri-\n                                      Program-2008                          KPMG evaluated. The FDIC had\nodically reviews the integrity of\n                                                                            also implemented a number\nselected information accessible       We contracted with KPMG to            of important security control\nthrough the ViSION system as part     conduct an independent evalu-         improvements in response to\nof the division\xe2\x80\x99s internal reviews.   ation of the FDIC\xe2\x80\x99s information       KPMG\xe2\x80\x99s 2007 evaluation, such as\nDSC also identified concerns          security program and practices        enhancing its encryption capabili-\nregarding the reliability of ROE      pursuant to FISMA. FISMA requires     ties and strengthening its corpo-\ninformation prior to our audit        federal agencies, including the       rate privacy program. Additional\nand was working to improve its        FDIC, to have an annual indepen-      control improvements were also\nprocesses and technology for          dent evaluation performed of their    underway at the close of the audit.\ncollecting, processing, and storing   information security program and\nelectronic ROEs. However, DSC         practices and to report the results   The above accomplishments were\nhad not performed an assess-          of the evaluation to the Office of    positive. However, KPMG identified\nment of supervisory information       Management and Budget (OMB).          a number of information security\naccessed through the ViSION           The objective of the evaluation       control deficiencies warranting\nsystem to determine an accept-        was to determine the effective-       management attention. Of\nable information accuracy rate.       ness of the FDIC\xe2\x80\x99s information        particular note, KPMG identified\nEstablishing an information accu-     security program and practices,       access control deficiencies within\nracy rate is important for ensuring   including the FDIC\xe2\x80\x99s compliance       the FDIC\xe2\x80\x99s internal network that\ncost-beneficial controls over the     with FISMA and related informa-       presented a high risk of unau-\nreliability of information accessed   tion security policies, procedures,   thorized disclosure of sensitive\nthrough the ViSION system.            standards, and guidelines.            information or compromise of\n                                                                            IT resources. While the FDIC was\nWe therefore recommended that         In general, with respect to the IT    taking prompt action to address\nthe Director, DSC, conduct an         systems and common controls           these access control deficiencies,\nassessment of key supervisory         reviewed, KPMG found that the         increased management atten-\ninformation accessed through          related program and operational       tion in this area is warranted.\nthe ViSION system in order to         controls demonstrated effective-      The report identifies eight steps\ndefine an acceptable accuracy         ness while management and             that the Corporation can take to\nrate and identify respective          technical controls warranted          improve the effectiveness of its\ncontrols and responsibilities         management attention. The FDIC        information security program\nover the reliability of supervi-      continues to build upon its past      controls in the areas of Risk\nsory information consistent with      success in addressing the informa-\n                                                                                                             37\n\x0cAssessment; Planning; Certifica-          number of key controls in place        Opportunities for Independent\ntion, Accreditation, and Security         to protect the confidentiality         Review of Information Tech-\nAssessments; Media Protection;            of sensitive email communica-          nology Projects\nAwareness and Training; Iden-             tions. Such controls include,          During a previous evaluation, we\ntification and Authentication;            for example, a corporate policy        reported that the FDIC has an\nAccess Control; and Audit and             governing the encryption of            IT governance framework and\nAccountability. In many cases,            sensitive email communications;        processes in place that gener-\nthe FDIC was already working              an enterprise-wide email encryp-       ally align with government-wide\nto improve security controls in           tion solution; background checks       norms. Notwithstanding that prior\nthese areas during KPMG\xe2\x80\x99s audit.          and confidentiality agreements         conclusion, at the Chairman\xe2\x80\x99s\n                                          for administrators supporting\nBecause this report addresses                                                    request, we explored and commu-\n                                          the email infrastructure; and a\nissues associated with information                                               nicated back to her options for\n                                          security awareness and training\nsecurity, it is not publicly available.                                          consideration that would add\n                                          program addressing, among              independent review of IT project\nControls for Protecting the               other things, the protection of        data at key decision points in the\nConfidentiality of Sensitive              sensitive email communica-             selection and control phases of the\nEmail Communications                      tions. The Division of Informa-        IT governance process. We pointed\n                                          tion Technology (DIT) was also         out that doing so would provide\nThe FDIC uses email extensively,          working to implement a number\ninternally and externally, to                                                    the Chairman, the Board, and\n                                          of additional email security control   management with greater assur-\nexchange business information             improvements during the audit.\nsuch as open bank data, contract                                                 ance that information presented\nnegotiations, personnel data,             While such actions were posi-          for project status or decision-\nand legal matters. Protecting             tive, controls over administrator      making purposes had been\nthe confidentiality of sensitive          access to the email infrastructure     objectively and completely vetted.\nemail communications requires             needed to be strengthened. In          The report we issued to her also\na comprehensive set of security           addition, KPMG identified several      provided perspective on the\ncontrols and sustained vigi-              potential control enhancements         difficulties that federal agencies\nlance to address current and              intended to further mitigate           encounter in implementing large\nemerging security threats.                the risk of email exposure at the      IT investments, other agencies\xe2\x80\x99\n                                          FDIC that DIT should assess for        practices in this area, a brief\nWe contracted with KPMG to                implementation. KPMG made two\nconduct an audit to assess the                                                   discussion of the pros and cons of\n                                          recommendations for improve-           adding independent review to the\nFDIC\xe2\x80\x99s controls for protecting            ments. The FDIC concurred with\nthe confidentiality of sensitive                                                 current governance framework,\n                                          both recommendations, and its          and FDIC management\xe2\x80\x99s views\nemail communications and to               planned actions were respon-\nidentify opportunities for miti-                                                 regarding existing forms of review\n                                          sive to the recommendations.           that management considers to be\ngating risk where appropriate.\n                                                                                 independent. Finally, the report\nKPMG found that the FDIC had a                                                   emphasized the importance of\n38\n\x0cChairman and Board engage-            posting of the payment transac-\nment in IT issues, open and clear     tions. Additionally, the FDIC has\ncommunication between the             enhanced its Contract Over-\nChairman and Chief Information        sight Management Program to\nOfficer, and timely and forthright    ensure that oversight managers\ndiscussion of IT project health.      receive and complete training\n                                      regarding their roles in indepen-\nFDIC\xe2\x80\x99s Controls Over Contractor       dently reviewing and approving\nInvoice Approval, Payment, and        contractor invoices for payment.\nPosting to the General Ledger\n                                      Based on our review of the 30\nOf the FDIC\xe2\x80\x99s $992 million in         sampled contractor invoices,\ncalendar-year 2007 operating          representing total FDIC expen-\nexpenses, over $250 million           ditures of $5.7 million, we found\nrepresents amounts paid for           that additional control activities\ncontracted goods and services.        could improve the oversight\nThrough June 2008, $121 million       manager\xe2\x80\x99s review and approval\nof $495 million in operating          procedures. Thus, to better ensure\nexpenses was for contractor           the effectiveness and efficiency of\npayments, part of which was paid      operations, reliability of financial\nbased on contractor invoices.         reporting, and compliance with\nWe conducted an audit to assess       FDIC policies and procedures,\nthe FDIC\xe2\x80\x99s controls over contractor   we recommended that DOF and\ninvoice approval, payment, and        DOA ensure the segregation of\nposting to the General Ledger. Our    duties for invoice preparation\nreview included a sample of 30 of     and approval. We also recom-\n1,148 FDIC invoices, representing     mended DOA ensure that the\n$5.7 million in contractor invoice    OMs receive confirmation letters;\npayments that totaled $37.5           complete required training; and\nmillion during the period October     maintain current, accurate, and\n2007 through March 2008.              complete documentation in the\n                                      Corporation\xe2\x80\x99 official system of\nThe FDIC has established and          records for contract activities.\nimplemented generally adequate\ncontrols over contractor invoice      DOA and DOF concurred with our\napproval, payment, and posting        recommendations and planned\nto the general ledger. The New        to take responsive actions.\nFinancial Environment provides\nan audit trail from the autho-\nrized invoice approval through\n                                                                             39\n\x0c     6                      Strategic Goal 6:\n                            OIG Internal Processes:\n                            Build and Sustain a High-Quality\n                            Staff, Effective Operations, OIG\n                            Independence, and Mutually\n                            Beneficial Working Relationships\n\n\n\n\n     W\n     While the OIG\xe2\x80\x99s audit, evalua-         independence. The OIG adheres to       The OIG also places a high\n     tion, and investigation work is        the Quality Standards for Federal      priority on maintaining positive\n     focused principally on the FDIC\xe2\x80\x99s      Offices of Inspector General, issued   relationships with the Congress\n     programs and operations, we have       by the President\xe2\x80\x99s Council on          and providing timely, complete,\n     an obligation to hold ourselves to     Integrity and Efficiency (PCIE) and    and high quality responses to\n     the highest standards of perfor-       the Executive Council on Integ-        congressional inquiries. In most\n     mance and conduct. We seek to          rity and Efficiency (ECIE), soon to    instances, this communication\n     develop and retain a high-quality      be combined in a single Council.       would include semiannual reports\n     staff, effective operations, OIG       Further, the OIG conducts its audit    to the Congress, issued audit and\n     independence, and mutually             work in accordance with generally      evaluation reports, information\n     beneficial working relation-           accepted Government Auditing           related to completed investiga-\n     ships with all stakeholders.           Standards; its evaluations in accor-   tions, comments on legislation\n                                            dance with PCIE Quality Standards      and regulations, written state-\n     To ensure a high-quality staff,\n                                            for Inspections; and its investiga-    ments for congressional hear-\n     we must continuously invest in\n                                            tions, which often involve allega-     ings, contacts with congressional\n     keeping staff knowledge and\n                                            tions of serious wrongdoing that       staff, responses to congressional\n     skills at a level equal to the work\n                                            may involve potential violations       correspondence, and materials\n     that needs to be done, and we\n                                            of criminal law, in accordance with    related to OIG appropriations.\n     emphasize and support training\n                                            Quality Standards for Investiga-\n     and development opportunities                                                 The Inspectors General appointed\n                                            tions established by the PCIE and\n     for all OIG staff. We also strive to                                          by the President and confirmed\n                                            ECIE, and procedures established\n     keep communication channels                                                   by the Senate are members of the\n                                            by the Department of Justice.\n     open throughout the office. We                                                PCIE. We have fully supported and\n     are mindful of ensuring effec-         Strong working relationships are       participated in PCIE activities and\n     tive and efficient use of human,       fundamental to our success. We         coordinate closely with represen-\n     financial, IT, and procurement         place a high priority on main-         tatives from the other the financial\n     resources in conducting OIG            taining positive working relation-     regulatory OIGs. Additionally, the\n     audits, evaluations, investiga-        ships with the FDIC Chairman,          OIG meets with representatives\n     tions, and other support activities,   Vice Chairman, other FDIC Board        of the U.S. Government Account-\n     and have a disciplined budget          members, and management                ability Office to coordinate work\n     process to see to that end.            officials. The OIG is a regular        and minimize duplication of\n                                            participant at Audit Committee         effort and with representatives\n     To carry out our responsibilities,\n                                            meetings where recently issued         of the Department of Justice,\n     the OIG must be professional,\n                                            audit and evaluation reports           including the FBI and U.S. Attor-\n     independent, objective, fact-\n                                            are discussed. Other meetings          neys\xe2\x80\x99 Offices, to coordinate our\n     based, nonpartisan, fair, and\n                                            occur throughout the year as           criminal investigative work and\n     balanced in all its work. Also, the\n                                            OIG officials meet with division       pursue matters of mutual interest.\n     IG and OIG staff must be free both\n                                            and office leaders and attend\n     in fact and in appearance from                                                The FDIC OIG has its own strategic\n                                            and participate in internal FDIC\n     personal, external, and organi-                                               and annual planning processes\n                                            conferences and other forums.\n     zational impairments to their\n40\n\x0cindependent of the Corporation\xe2\x80\x99s       beneficial working relationships,\nplanning process, in keeping with      the OIG\xe2\x80\x99s 2008 performance goals\nthe independent nature of the          were as follows:\nOIG\xe2\x80\x99s core mission. The Govern-\n                                         \xe2\x80\xa2\tEffectively and efficiently\nment Performance and Results\n                                         \t manage OIG human, financial,\nAct of 1993 (GPRA) was enacted\n                                         \t IT, and physical resources\nto improve the management,\neffectiveness, and accountability        \xe2\x80\xa2\tEnsure quality and efficiency of\nof federal programs. GPRA requires       \t OIG audits, evaluations, investi-\nmost federal agencies, including         \t gations, and other projects and     Summer intern Alan Kolick, College of\nthe FDIC, to develop a strategic         \t operations                          William & Mary\nplan that broadly defines the            \xe2\x80\xa2\tEncourage individual growth\nagency\xe2\x80\x99s mission and vision, an          \t and strengthen human capital\nannual performance plan that             \t management and leadership\ntranslates the vision and goals of       \t through professional develop-\nthe strategic plan into measurable       \t ment and training\nobjectives, and an annual perfor-\nmance report that compares actual        \xe2\x80\xa2\tFoster good client, stakeholder,\nresults against planned goals.           \t and staff relationships\n\nThe OIG strongly supports GPRA           \xe2\x80\xa2\tEnhance OIG risk management\nand is fully committed to applying       \t activities\nits principles of strategic planning   A brief listing of OIG activities in\nand performance measurement            support of these performance            Summer intern Donzell Tate, McDaniel College\nand reporting to our operations.       goals follows.\nThe OIG\xe2\x80\x99s Business Plan lays the\nbasic foundation for establishing\ngoals, measuring performance,\nand reporting accomplishments\nconsistent with the principles\nand concepts of GPRA. We are\ncontinuously seeking to better\nintegrate risk management\nconsiderations in all aspects of\nOIG planning\xe2\x80\x94both with respect\nto external and internal work.                                                 Wade Walters, Social Security Administration\n                                                                               Senior Executive Service candidate\nTo build and sustain a high-quality\nstaff, effective operations, OIG\nindependence, and mutually\n                                                                                                                       41\n\x0c            Effectively and Efficiently Manage OIG Human, Financial, IT, and Physical Resources\n     1   Developed OIG staffing plan and related priorities in the interest of succession planning and to ensure\n         that OIG staff is sufficient to address work challenges ahead.\n     2   Continued realignment of the OIG investigative resources with FDIC regions, by reassigning OI staff,\n         and advertising and filling vacancies.\n     3   Prepared informational materials outlining needed financial resources for presentation to the FDIC\n         Chairman, OMB, and the House and Senate Appropriations Subcommittees in support of the OIG\xe2\x80\x99s FY\n         2009 and 2010 budget requests.\n     4   Carried out an initiative to train all OIG employees and contractors on the use of various encryption\n         tools.\n     5   Increased OIG security awareness by creating links from the OIG\xe2\x80\x99s internal Web site to the FDIC informa-\n         tion security program and encryption guidance Web sites.\n     6   Continued a project to upgrade STAR\xe2\x80\x94the OIG\xe2\x80\x99s audit and evaluation tracking system\xe2\x80\x94and an associ-\n         ated review of how we are using TeamMate as we conduct audits and evaluations in the interest of\n         leveraging that technology and ensuring efficiency in our work.\n     7   Explored opportunities to leverage the resources of OI\xe2\x80\x99s ECU and Office of Audit\xe2\x80\x99s computer lab, staffs,\n         equipment, and IT staff in the Office of Management.\n     8   Continued to partner with DIT to ensure the security of OIG information in the FDIC computer network\n         infrastructure.\n\n\n         Ensure Quality and Efficiency of OIG Audits, Evaluations, Investigations, and Other Projects\n                                               and Operations\n     1   Implemented new OA policies and procedures, including a revised assignment management process\n         to better ensure efficiency, effectiveness, and quality of efforts.\n     2   Continued to use a contract awarded to a qualified firm to provide audit and evaluation services to\n         the OIG to enhance the quality of our work and the breadth of our expertise as we conduct audits and\n         evaluations and closely monitored contractor performance.\n     3   Continued to maintain and update the OIG\xe2\x80\x99s Dashboard\xe2\x80\x94a project management monitoring, tracking,\n         and reporting tool for OIG projects.\n     4   Took steps to better monitor costs associated with audits and evaluations in the interest of\n         economy and efficiency. Reduced average time and cost of audit and evaluation assignments.\n     5   Continued use of the OIG\xe2\x80\x99s end-of-assignment feedback forms to provide staff with input on perfor-\n         mance of individual audit and evaluation assignments and incorporated suggested improvements to\n         the form.\n     6   Implemented a new IG Feedback form for audit and evaluation assignments that focuses on overall\n         assignment quality elements, including time, cost, and value.\n     7   Updated and revised Office of Evaluations policies and procedures to establish guidance for\n         conducting work in accordance with inspection standards promulgated by the PCIE.\n     8   Conducted quality control reviews of the OIG\xe2\x80\x99s investigative operations in the Midwest\n         region, and of OA\xe2\x80\x99s coverage of laws and regulations in performance audits.\n     9   Conducted a peer review of the investigative operations of the Environmental Protection Agency OIG,\n         as required by the PCIE.\n\n\n\n42\n\x0cEncourage Individual Growth and Strengthen Human Capital Management and Leadership Through\n                            Professional Development and Training\n1    Implemented revised OIG Career Development Plan forms, making them more aligned with OIG\n     strategic goals and the training, skills, and experience needed to better achieve those goals. Also inte-\n     grated OIG training plans into the forms.\n2    Expanded use of forensic accountant positions\xe2\x80\x94to allow OIG staff with accounting skills to assist OIG\n     investigators in conducting investigations of mortgage fraud and other financial institution fraud cases.\n3    Continued to support members of the OIG attending long-term graduate banking school programs\n     sponsored by Stonier, the Southeastern School of Banking at Vanderbilt University, and the Univer-\n     sity of Wisconsin to enhance OIG staff expertise and knowledge of the banking industry.\n4    Planned for a material loss review training program to better equip OIG staff with skills and expertise\n     needed to meet demands of increased material loss review workload.\n5    Participated in FBI-sponsored training in mortgage fraud to help ensure that OIG investigators and\n     others involved have the requisite knowledge to investigate the growing number of mortgage fraud\n     schemes perpetrated throughout the country.\n6    Hosted two summer interns in our Offices of Audits and Investigations. Also hosted a candidate for\n     the Social Security Administration\xe2\x80\x99s Senior Executive Service Candidate Development Program.\n\n\n                      Foster Good Client, Stakeholder, and Staff Relationships\n1    Maintained Congressional working relationships by providing our Semiannual Report to the Congress\n     for the 6 month period ending March 31, 2008; communicating with and providing requested materials\n     to the cognizant Subcommittees of the Senate and House Committees on Appropriations regarding\n     our FY 2009 budget; notifying interested congressional parties regarding the OIG\xe2\x80\x99s completed audit\n     and evaluation work; attending or monitoring FDIC-related hearings on issues of concern to various\n     oversight committees; coordinating with the Corporation\xe2\x80\x99s Office of Legislative Affairs on issues of\n     mutual interest; and providing input to staff on the House Financial Services and Senate Banking\n     Committees regarding oversight issues in the Emergency Economic Stabilization Act of 2008.\n2    Communicated with the FDIC Chairman, Vice Chairman, Director Curry, and other senior FDIC\n     officials through the IG\xe2\x80\x99s regularly scheduled meetings with them and through other forums.\n3    Participated in DSC regional meetings to provide general information regarding the OIG and\n     OI case studies on bank frauds that are of importance to DSC and the banking industry.\n4    Held quarterly meetings with FDIC Directors and other senior officials to keep them apprised of\n     ongoing audit and evaluation reviews and results.\n5    Kept DSC, DRR, the Legal Division, and other FDIC program offices informed of the status and results\n     of our investigative work impacting their respective offices. This was accomplished by notifying FDIC\n     program offices of recent actions in OIG cases and providing OI\xe2\x80\x99s quarterly reports to DSC, DRR, the\n     Legal Division, and the Chairman\xe2\x80\x99s Office outlining activity and results in our cases involving closed and\n     open banks, asset and restitution cases.\n6    Participated at FDIC Audit Committee meetings to present the results of significant completed audits\n     and evaluations for consideration by Committee members.\n7    Reviewed 10 draft corporate policies on a range of topics. Among the policies we reviewed were those\n     related to the following: Enterprise Data Management Program, IT Contingency Planning, Acquisition\n     Policy Manual, and Standards of Ethical Conduct.\n\n\n\n\n                                                                                                                 43\n\x0c     8    Supported the IG community by having the IG serve as Chair of the PCIE Audit Committee and coor-\n          dinating the activities of that group; attending monthly PCIE meetings and participating in Inspection\n          & Evaluation Committee and Council of Counsels to the IGs meetings; loaning staff to the Department\n          of the Treasury OIG for material loss review work; providing investigative and counsel resource assis-\n          tance to the Federal Housing Finance Board; and providing support to the IG community\xe2\x80\x99s investigative\n          meetings and training activities.\n     9    Met regularly with representatives of the OIGs of the federal banking regulators (Board of Governors of\n          the Federal Reserve System, Department of the Treasury, National Credit Union Administration, Securi-\n          ties and Exchange Commission, Farm Credit Administration, Commodity Futures Trading Commission,\n          Federal Housing Finance Board, and EX-IM Bank) to discuss audit and investigative matters of mutual\n          interest.\n     10   Continued to hold quarterly meetings of the OIG\xe2\x80\x99s Employee Advisory Group to provide the elected\n          staff an opportunity to meet with the IG to discuss issues of OIG-wide interest or concern.\n     11   Continued to post and/or update information on the FDIC OIG Internet (www.fdicig.gov) and Intranet\n          sites to ensure transparency and stakeholder accessibility to OIG products, including Semiannual\n          Reports to the Congress, audit and evaluation reports, and investigation-related press releases.\n\n\n                                    Enhance OIG Risk Management Activities\n     1    Continued efforts to carry out and monitor the OIG\xe2\x80\x99s FY 2008 business planning process, including\n          holding meetings to assess progress and begin planning for FY 2009. Held a series of internal OIG meet-\n          ings to identify significant activities and risks within the Corporation and the financial services industry.\n     2    Participated regularly at corporate meetings of the National Risk Committee and kept current with the\n          FDIC\xe2\x80\x99s Risk Analysis Center presentations to monitor emerging risks at the Corporation and tailor OIG\n          work accordingly.\n     3    Conducted activities in support of the OIG\xe2\x80\x99s 2008 assurance statement to the Chairman under which\n          the OIG provides assurance that our office has made a reasonable effort to meet the internal control\n          requirements of the Federal Managers\xe2\x80\x99 Financial Integrity Act, OMB A-123, and other key legislation.\n     4    Identified key hard copy and electronic records that the OIG should maintain in a secure off-site loca-\n          tion to ensure continuity of operations in the event of an emergency and conveyed those to the site.\n     5    Revised OIG Business Continuity Plan to reflect steps for restoring critical OIG business processes.\n     6    Issued updated guidance related to the OIG\xe2\x80\x99s readiness to respond in an office emergency situation.\n\n\n\n\n44\n\x0c                   Cumulative Results (2-year period)\n                                             Nonmonetary Recommendations\n                    October 2006 - March 2007                                              35\n                    April 2007 - September 2007                                            07\n                    October 2007 - March 2008                                              52\n                    April 2008 - September 2008                                            24\n\n\n\n                   Products Issued and Investigations Closed\n                                                                                  40\nL E G E N D                                                             39\n                                                                                  35\n\xe2\x80\xa2   10/06 - 3/07                                           30                     30\n\xe2\x80\xa2   4/07 - 9/07                                                                   25\n                                                                23\n\xe2\x80\xa2   10/07 - 3/08                                                                  20\n\xe2\x80\xa2   4/08 - 9/08                                                                   15\n                                 15     15                                   14\n                       11   12\n                                                                                  10\n                                                                                   5\n                                                                                   0\n\n                          Audits &                         Investigations\n                         Evaluations\n\n\n                   Fines, Restitution, and Monetary Recoveries\n                   Resulting from OIG Investigations\n                   (in millions)\nL E G E N D                                                     352.9\n                                                                                  400\n\n\xe2\x80\xa2   10/06 - 3/07                                                                  300\n\xe2\x80\xa2   4/07 - 9/07\n\xe2\x80\xa2   10/07 - 3/08                                                                  200\n\xe2\x80\xa2   4/08 - 9/08                                     86.9\n                                 75.6                                             100\n                                             40.7\n\n                                                                                       0\n\n\n\n\n                                                                                                45\n\x0cFiscal Year 2008\nPerformance Report\n\nThis performance report presents an overview of our performance compared to the fiscal year (FY) 2008 annual\nperformance goals in our Business Plan. It provides a statistical summary of our qualitative goals as well as a narrative\nsummary of performance results by Strategic Goal. It also shows our results in meeting a set of quantitative goals that\nwe established for the year. Our complete 2008 Business Plan is available at www.fdicig.gov.\nWe formulated six strategic goals, as shown in the table below. Each of our strategic goals, which are long-term efforts,\nhas annual performance goals and key efforts that represent our initiatives in FY 2008 toward accomplishing the\nstrategic goal. The table reflects the number of performance goals that were Met, Substantially Met, or Not Met. This\ndetermination was made through ongoing discussions at the OIG Executive level and a qualitative assessment as to the\nimpact and value of the audit, evaluation, investigation, and other work of the OIG supporting these goals throughout\nthe year.\nAs shown in the table, we met or substantially met all of our performance goals in FY 2008. A discussion of our success\nin each of the goals follows the table.\n Fiscal Year 2008 Annual Performance Goal Accomplishment\n (Number of Goals)\n\n                                                                                            Performance Goals\n                                  Strategic Goals                                         Substantially    Not\n                                                                                  Met                              Total\n                                                                                              Met          Met\n Supervision: Assist the FDIC to Ensure the Nation\xe2\x80\x99s Banks Operate Safely and      1            1                    2\n Soundly\n Insurance: Help the FDIC Maintain the Viability of the Insurance Fund             1            1                    2\n Consumer Protection: Assist the FDIC to Protect Consumer Rights and Ensure        1            1                    2\n Customer Data Security and Privacy\n Receivership Management: Help Ensure that the FDIC is Ready to Resolve Failed     1            1                    2\n Banks and Effectively Manages Receiverships\n FDIC Resources Management: Promote Sound Governance and Effective                 2            4                    6\n Stewardship and Security of Human, Financial, IT, and Physical Resources\n OIG Internal Processes: Build and Sustain a High-Quality OIG Staff, Effective     3            2                    5\n Operations, OIG Independence, and Mutually Beneficial Working Relationships\n Total                                                                             9           10                    19\n Percentage                                                                        47          53                   100\n\n\n\n\n46\n\x0cStrategic Goal 1 - Supervision: Assist the FDIC to Ensure\nthe Nation\xe2\x80\x99s Banks Operate Safely and Soundly\nOur work in helping to ensure that the nation\xe2\x80\x99s banks operate safely\nand soundly took the form of audits, investigations, evaluations,\nand extensive communication and coordination with FDIC divisions\nand offices, law enforcement agencies, other financial regulatory\nOIGs, and banking industry officials. During the past FY, we issued a\nreport on the implementation of the FDIC\xe2\x80\x99s supervisory guidance for\nnontraditional mortgage products, focusing on the FDIC\xe2\x80\x99s response\nto worsening conditions in the mortgage industry and looking at the\nrelatively small number of FDIC-supervised institutions with significant\ninvolvement in such products. We also completed audits of the FDIC\xe2\x80\x99s\nconsideration of commercial real-estate concentration risk in FDIC-\nsupervised institutions, the FDIC\xe2\x80\x99s examination assessment of interest\nrate risk and liquidity risk, and its controls over the CAMELS rating\nreview process. Another of our audits reviewed the FDIC\xe2\x80\x99s implementa-\ntion of the USA PATRIOT Act, noting that comprehensive examination\nprocedures are in place to evaluate institution compliance with the\nanti-money laundering and terrorist financing provisions of the Act.\nWith respect to investigative work, as a result of cooperative efforts with\nU.S. Attorneys throughout the country, numerous individuals were pros-\necuted for financial institution fraud, and we achieved successful results in\ncombating a number of mortgage fraud schemes. In total, during the past\nperformance year, we reported 123 indictments/informations; 103 convic-\ntions; and fines, restitution, and monetary recoveries of $440 million.\nNoteworthy results include the stiff sentencings of multiple subjects for\nmortgage fraud. To illustrate, a Dallas businessman was sentenced to 262\nmonths of incarceration and ordered to pay restitution of $2 million. In\nanother case, an Illinois businessman and his associate were sentenced\nto 235 months and 97 months, respectively, for their role in an $8 million\nreal estate land flip scheme. Another purported real estate investor was\nsentenced to 11 years in prison and ordered to pay $1.4 million to victim\nbanks and mortgage lenders. In another case involving bank fraud, the\nformer president and chief executive officer of Farmers Deposit Bank,\nEminence, Kentucky, was sentenced to 36 months of incarceration and\nordered to pay restitution of more than $13 million to the bank. Another of\nour investigations led to the sentencing of the former president and loan\nofficer of the Bank of Paxton to 60 months of incarceration, and he was\nsimilarly ordered to pay restitution of $4.9 million to the bank. A former\nloan customer, who was also a principal figure in the music industry, was\nsentenced to 25 years in prison, to be followed by 3 years of probation\nfor his role in a massive bank fraud involving 10 financial institutions.\nHe was ordered to pay a total of more than $310 million in restitution.\nThe Office of Investigations also continued its close coordination and\noutreach with the Division of Supervision and Consumer Protection\n(DSC), the Division of Resolutions and Receiverships, and the Legal Divi-\nsion by way of attending quarterly meetings, regional training forums,\nand regularly scheduled meetings with DSC and the Legal Division to\nreview Suspicious Activity Reports and identify cases of mutual interest.\n\n\n\n\n                                                                            47\n\x0c     Strategic Goal 2 - Insurance: Help the FDIC Maintain the\n     Viability of the Insurance Fund\n     We conducted audit work related to the FDIC\xe2\x80\x99s receipt and assessment\n     of savings association subsidiary notices, at the request of staff from\n     the U.S. Senate Committee on Banking, Housing and Urban Affairs. We\n     reported that the FDIC had developed an adequate control process\n     for reviewing the subsidiary notices that it received from institutions.\n     At the end of the reporting period, ongoing work in this goal area\n     included an audit of the Corporation\xe2\x80\x99s off-site monitoring activities\n     for insurance risk and an audit of the FDIC\xe2\x80\x99s investment management\n     practices related to the Deposit Insurance Fund, the results of which\n     will be included in an upcoming semiannual report. The OIG\xe2\x80\x99s ongoing\n     work in conducting material loss reviews of failed institutions (of which\n     four were on-going as of the end of the reporting period) also serves\n     to help maintain the viability of the fund, as we seek to determine the\n     causes of failure and make recommendations to prevent future losses.\n     Similarly, OIG investigations have supported this goal in that inves-\n     tigations often lead to successful prosecutions of fraud in finan-\n     cial institutions and/or fraud that can cause losses to the fund.\n\n\n\n     Strategic Goal 3 - Consumer Protection: Assist the FDIC\n     to Protect Consumer Rights and Ensure Customer Data\n     Security and Privacy\n     Audits and investigations contributed to the FDIC\xe2\x80\x99s protection of consumers\n     in several ways. We completed our audit of examination procedures for\n     assessing controls to protect customer and consumer information at\n     multi-regional data processing servicers. In that report we made recom-\n     mendations to better ensure examination procedures at technology\n     service providers are commensurate with the risk of unauthorized\n     access to customer and consumer information and applied consistently\n     across FDIC regions. At the end of the reporting period, we had several\n     assignments ongoing or planned in support of this goal, including an\n     audit of consumer credit underwriting practices in community banks.\n     At the Chairman\xe2\x80\x99s request, our evaluations group is also conducting\n     work in the area of enforcement actions for compliance violations.\n     From an investigative standpoint, as a result of an ongoing investigation,\n     two securities sales representatives pleaded guilty to a fraud scheme where\n     they misled elderly investors into believing that their funds were invested\n     in FDIC-insured certificates of deposit when, in fact, they were not. Addi-\n     tionally, the former owner of the securities firm pleaded guilty to securities\n     fraud for his role in the marketing scheme. The OIG\xe2\x80\x99s Electronic Crimes Unit\n     (ECU) was also successful in working to deactivate a total of 51 fraudu-\n     lent email accounts involving false claims of FDIC insurance or affiliation.\n     The ECU responded to Internet-based schemes where the FDIC and OIG\n     Web sites were misused to entice consumers to divulge personal informa-\n     tion and successfully shut down two Web sites used for such purposes.\n\n\n\n\n48\n\x0cStrategic Goal 4 - Receivership Management: Help Ensure\nthat the FDIC is Ready to Resolve Failed Banks and\nEffectively Manages Receiverships\nAt FDIC management\xe2\x80\x99s request, we completed an evaluation assign-\nment related to the FDIC\xe2\x80\x99s Claims Administration System, a development\neffort to automate the handling of deposit insurance determination\nfunctions and the processing and payment of claims associated with\nfailed financial institutions. We made four suggestions to manage-\nment as a result. We also conducted an evaluation of the Corpora-\ntion\xe2\x80\x99s contingency planning for large-scale resolution activity, and\ncommunicated our observations to FDIC senior management officials.\nWe continued to monitor the FDIC\xe2\x80\x99s Strategic Readiness Project. With\nthe failure of IndyMac in July 2008, we also performed a high-level\ncontrols review of the IndyMac conservatorship. Other work in support\nof the goal included an audit of internal control in the FDIC\xe2\x80\x99s receiver-\nship accounting process and an audit of protection of resolution and\nreceivership data managed or maintained by FDIC contractors.\nWe continued to pursue concealment of assets investigations related to\nthe more than $1.7 billion in criminal restitution that the FDIC is owed. In\nconnection with one such investigation, during the performance reporting\nperiod, a debtor who had previously claimed he could not pay was\nordered to make a restitution payment of more than $400,000 to the FDIC.\n\n\n\nStrategic Goal 5 - Resources Management: Promote\nSound Governance and Effective Stewardship and\nSecurity of Human, Financial, IT, and Physical Resources\nThe OIG devoted substantial resources to this goal area during the\nFY, resulting in a variety of issues addressed. Of note with respect to\nthis strategic goal, we issued the results of our review of the Corpora-\ntion\xe2\x80\x99s enterprise risk management program, making seven recom-\nmendations and two suggestions for enhancements. At the Chairman\xe2\x80\x99s\nrequest, we also assessed the integrity of the FDIC\xe2\x80\x99s information tech-\nnology (IT) procurement activity and the FDIC\xe2\x80\x99s governance framework\nrelated to the selection, management, and evaluation of IT projects\nand made recommendations for enhancements in both areas. We\nlater conducted follow-on work on options for independent review\nof IT project data at key decision points in the selection and control\nphases of the IT governance process. We performed a related audit to\nassess the FDIC\xe2\x80\x99s contract oversight management of its $357 million\nIT infrastructure services contract and support for payments made by\nthe FDIC under the contract, making recommendations in that report\nto strengthen governance and promote transparency and commu-\nnication throughout the infrastructure services contract program.\nWe issued several other audit and evaluation reports in this goal area\nand made suggestions to improve the quality and reliability of the\nCorporation\xe2\x80\x99s telework participation data and further enhance secu-\nrity of data used when teleworking; strengthen controls over the\nheadquarters and Dallas transit subsidy programs; enhance features\nof the Corporation\xe2\x80\x99s IT disaster recovery program and related security\ncontrols; enhance controls for the continuous replacement and disposal\n                                                                           49\n\x0cprocess for laptop computers; and implement steps to improve the\nFDIC\xe2\x80\x99s energy management practices. We performed an audit of the\nCorporation\xe2\x80\x99s controls over contractor payments for relocation services\nand another audit of controls over background checks of child care\nprovider personnel. In the IT area, we also audited the reliability of\ninformation accessed through the Virtual Supervisory Information on\nthe Net system. We engaged KPMG, LLP to audit the FDIC\xe2\x80\x99s informa-\ntion security program, pursuant to the Federal Information Security\nManagement Act of 2002 (FISMA). In another audit that fed into our\nFISMA work, KPMG audited the FDIC\xe2\x80\x99s controls over the confidenti-\nality of sensitive email communications and made recommendations\nto strengthen those controls. Additionally, we audited controls over\ncontract invoice approval, payment, and posting to the general ledger.\nWe also promoted integrity in FDIC internal operations through ongoing\nOIG Hotline referrals and coordination with FDIC management.\n\n\n\nStrategic Goal 6 - OIG Internal Processes: Build and\nSustain a High-Quality OIG Staff, Effective Operations,\nOIG Independence, and Mutually Beneficial Working\nRelationships\nTo ensure effective and efficient management of OIG resources, among\nother activities, we continued realignment of the OIG investigative\nresources with FDIC regions, by reassigning Office of Investigations\nstaff, advertising, and filling vacancies. We also conducted Virtual Work-\nforce training for all OIG staff to foster an office-wide understanding of\nissues related to implementing and carrying out a successful telework\nprogram. Further, we conducted a project to upgrade the OIG\xe2\x80\x99s audit\nand evaluation tracking system and undertook an associated review of\nhow we are using TeamMate as we conduct audits and evaluations to\nbetter leverage that technology and ensure efficiency in our work.\nIn the interest of ensuring quality and efficiency in our work and opera-\ntions, we revised the Office of Audits Policy and Procedures Manual to\naddress changes in the performance audit standards and process changes\ndeemed advisable as a result of an internal assignment management\nreview and external peer review results. We also awarded a contract to\na qualified firm to provide audit and evaluation services to the OIG to\nenhance the quality of our work and the breadth of our expertise. We\ntook steps to better track and contain costs associated with audits and\nevaluations in the interest of economy and efficiency. We continued\nuse of the OIG\xe2\x80\x99s end-of-assignment feedback forms to provide staff\nwith input on performance of individual audit and evaluation assign-\nments and incorporated suggested improvements to the form. We also\nimplemented a new IG feedback form for audit and evaluation assign-\nments that focuses on overall assignment quality elements, including\ntime, cost, and value. With respect to our investigative operations,\nwe conducted quality control reviews of the OIG\xe2\x80\x99s Hotline program,\nheadquarters offices, and the Southwest and Midwest regions.\n\n\n\n\n50\n\x0cWe encouraged individual growth through professional develop-\nment by way of initiatives such as revising career development plans\nto better align them with OIG goals and integrating training plans\nfor OIG staff in the career development plans, continuing the OIG\nmentoring program, advertising multiple expressions of interest for\nforensic accountants to assist investigators in conducting financial\ninstitution fraud cases, offering opportunities for OIG staff to attend\ngraduate schools of banking, and sponsoring two interns and a\nsenior executive service candidate from another federal agency.\nOur office continued to foster positive stakeholder relationships by way\nof IG and other OIG executive meetings with senior FDIC executives;\npresentations at Audit Committee meetings; congressional interaction;\ncoordination with financial regulatory OIGs, other members of the IG\ncommunity, other law enforcement officials, and the U.S. Government\nAccountability Office (GAO). The IG assumed the role of Chair of the Audit\nCommittee of the President\xe2\x80\x99s Council on Integrity and Efficiency, and\nin that capacity is a leader in the federal audit community. Members of\nthe OIG Employee Advisory Group held quarterly meetings with the IG,\nthe OIG participated in corporate diversity events, and we maintained\nand updated the OIG Web site to provide easily accessible information\nto stakeholders interested in our office and the results of our work.\nIn the area of enhancing OIG risk management activities, we continued\nefforts to carry out and monitor the OIG\xe2\x80\x99s FY 2008 business planning\nprocess, including holding meetings to assess progress, and planned\nfor FY 2009, including meeting internally and externally to discuss\nsignificant activities and risks within the Corporation and the financial\nservices industry, with particular attention to the unparalleled events in\nthe economy and financial services sector over the past several months.\nWe also participated regularly at corporate meetings of the National\nRisk Committee to monitor emerging risks at the Corporation and tailor\nOIG work accordingly. In accordance with the Reports Consolidation\nAct of 2000, we assessed the most significant management and perfor-\nmance challenges facing the FDIC, and provided this assessment to\nFDIC management for inclusion in the Corporation\xe2\x80\x99s performance and\naccountability report. We submitted the OIG\xe2\x80\x99s 2007 Assurance State-\nment to the FDIC Chairman, in accordance with the annual require-\nment under which the OIG provides assurance that the OIG has made\na reasonable effort to meet the internal control requirements of the\nFederal Managers\xe2\x80\x99 Financial Integrity Act, OMB A-123, and other key\nlegislation. We also prepared for our 2008 statement. At GAO\xe2\x80\x99s request,\nwe provided the OIG\xe2\x80\x99s perspectives related to internal fraud risk at the\nFDIC in connection with GAO\xe2\x80\x99s responsibility under Statement of Auditing\nStandards No. 99, Consideration of Fraud in Financial Statement Audits.\nFrom an internal OIG perspective, we focused much attention on emer-\ngency preparedness, contingency planning, and continuity of operations\nto ensure OIG employee safety and to mitigate risks posed by any threats\nto our people and our mission.\n\n\n\n\n                                                                          51\n\x0cQuantitative Performance Measures 2008\n                                                                                                        FY 2008               FY 2008\n                                 Performance Measure                                                                                                     Status\n                                                                                                         Target                Actual\n    Financial Benefit Returna                                                                             100%                 2078%                       Met\n    Other Benefits  b\n                                                                                                          100%                  100%                       Met\n    Past Recommendations Implemented              c\n                                                                                                          95%                    99%                       Met\n    Audit Reports Issued                                                                                    20                    20                       Met\n    Evaluation Reports Issued                                                                               10                    10                       Met\n    Audit Assignments Completed Within 30 days of Established Final Report\n                                                                                                          90%                    94%                       Met\n    Milestone\n    Evaluation Assignments Completed Within 30 days of Established Final\n                                                                                                          90%                    70%                    Not Met\n    Report Milestone\n    Audit Assignments Completed Within 15 Percent of Established Budget                                   90%                    88%              Substantially Met\n    Evaluation Assignments Completed Within 15 Percent of Established\n                                                                                                          90%                    80%              Substantially Met\n    Budget\n    Investigation Actionsd                                                                                 120                   409                       Met\n    Closed Investigations Resulting in Reports to Management, Convictions,\n                                                                                                          80%                    85%                       Met\n    Civil Actions, or Administrative Actions\n    Investigations Accepted for Prosecution Resulting in Convictions, Pleas,\n                                                                                                          70%                    67%              Substantially Met\n    and/or Settlements\n    Investigations Referred for Prosecution or Closed Within 6 Months of\n                                                                                                          85%                    93%                       Met\n    Opening Case\n    Closing Reports Issued to Management within 30 days of Completion of\n                                                                                                          100%                  100%                       Met\n    all Judicial Actions\n\na\n \t Includes all financial benefits, including audit-related questioned costs; recommendations for better use of funds; and investigative fines, restitution, settlements,\n\t and other monetary recoveries divided by OIG\xe2\x80\x99s total fiscal year budget obligations.\nb\n \t Benefits to the FDIC that cannot be estimated in dollar terms which result in improved services; statutes, regulations, or policies; or business operations and\n\t occurring as a result of work that the OIG has completed over the past several years. Includes outcomes from implementation of OIG audit/evaluation\n\t recommendations.\n\t Fiscal year 2006 recommendations implemented by fiscal year-end 2008.\nc\n\n\nd\n \t Indictments, convictions, informations, arrests, pre-trial diversions, criminal non-monetary sentencings, monetary actions, employee actions, and other\n\t administrative actions.\n\n\n\n\n52           52\n\x0cReporting Requirements\n\t           Index of Reporting Requirements - Inspector General Act\n\t           of 1978, as amended\n\n\n\n    Reporting Requirements                                                                                    Page\n    Section 4(a)(2): Review of legislation and regulations                                                           54\n    Section 5(a)(1): Significant problems, abuses, and deficiencies                                             9-39\n    Section 5(a)(2): Recommendations with respect to significant problems, abuses, and deficiencies             9-39\n    Section 5(a)(3): Recommendations described in previous semiannual reports on which corrective                    54\n    action has not been completed\n    Section 5(a)(4): Matters referred to prosecutive authorities                                                     8\n    Section 5(a)(5) and 6(b)(2): Summary of instances where requested information was refused                        58\n    Section 5(a)(6): Listing of audit reports                                                                        56\n    Section 5(a)(7): Summary of particularly significant reports                                                9-39\n    Section 5(a)(8): Statistical table showing the total number of audit reports and the total dollar value          57\n    of questioned costs\n    Section 5(a)(9): Statistical table showing the total number of audit reports and the total dollar value          58\n    of recommendations that funds be put to better use\n    Section 5(a)(10): Audit recommendations more than 6 months old for which no management                           58\n    decision has been made\n    Section 5(a)(11): Significant revised management decisions during the current reporting period                   58\n    Section 5(a)(12): Significant management decisions with which the OIG disagreed                                  58\n\n\n\n\n                                                                                                                      53\n\x0cInformation Required by the\nInspector General Act of 1978,\nas Amended\n\n\n\n     Review of Legislation and Regulations\n     It is the responsibility of the OIG Office of Counsel to review, pursuant to\n     Section 5(a) of the Inspector General Act, pending and enacted legislation and\n     regulations relating to programs and operations of the FDIC. In this regard,\n     Counsel\xe2\x80\x99s Office has been following the status of various bills relating to the\n     changing landscape of the financial industry as well as legislation pertaining\n     to the Inspector General community at large. Our review of the Emergency\n     Economic Stabilization Act of 2008; the Housing Reform Act legislation; H.R.\n     6639, the Federal Agency Performance Review and Efficiency Act; and H.R.\n     928, the Inspector General Reform Act, has continued throughout the semi-\n     annual period. In conjunction with the PCIE, Counsel\xe2\x80\x99s Office monitored\n     S.789 and H.R. 1395, the Government Credit Card Abuse Prevention Act of\n     2008, and S. 3474, the FISMA Act of 2008, and coordinated comments with\n     other Inspector General offices. Additionally, Counsel\xe2\x80\x99s Office developed, and\n     submitted to Congress, statutory language that ultimately became Section\n     126 of the Emergency Economic Stabilization Act, prohibiting misuse of the\n     FDIC name or symbol or misrepresentation as to FDIC-insured status.\n\n\n\n\n     Table I. Significant Recommendations from Previous\n     Semiannual Reports on Which Corrective Actions Have Not\n     Been Completed\n     This table shows the corrective actions management has agreed to implement\n     but has not completed, along with associated monetary amounts. In some\n     cases, these corrective actions are different from the initial recommendations\n     made in the audit reports. However, the OIG has agreed that the planned\n     actions meet the intent of the initial recommendations. The information in this\n     table is based on (1) information supplied by FDIC\xe2\x80\x99s Office of Enterprise Risk\n     Management (OERM) and (2) the OIG\xe2\x80\x99s determination of closed recommenda-\n     tions for reports issued after March 31, 2002. These two recommendations\n     from two reports involve improvements in operations and programs. OERM\n     has categorized the status of these recommendations as follows: Management\n     Action in Process.\n\n\n\n\n54\n\x0cTable I (continued): Significant Recommendations from Previous Semiannual Reports on Which\nCorrective Actions Have Not Been Completed\n                                                           Significant                Brief Summary of Planned Corrective\n    Report Number, Title & Date                            Recommendation             Actions and Associated Monetary\n                                                           Number                     Amounts\n    Management Action In Process\n    06-025                                                 3t                         Develop a written plan that defines a\n    Controls for Monitoring Access to                                                 risk-based, enterprise-wide approach\n    Sensitive Information Processed by                                                to audit logging and monitoring for the\n    FDIC Applications                                                                 FDIC\xe2\x80\x99s portfolio of information systems.\n    September 29, 2006\n    AUD-08-003                                             1n                         Clarify guidance to examiners on\n    FDIC\xe2\x80\x99s Implementation of the                                                      the identification and reporting of\n    USA PATRIOT Act                                                                   apparent customer identification\n    November 30, 2007                                                                 program (CIP) violations, including\n                                                                                      the consideration of supplemental\n                                                                                      procedures and forms and whether\n                                                                                      transaction testing is a necessary basis\n                                                                                      for citing apparent CIP deficiencies.\nt\n    \t The OIG has received some information but has requested additional information to evaluate management\xe2\x80\x99s actions in response\n\t     to the recommendation.\nn\n    \t The OIG is reviewing management\xe2\x80\x99s actions in response to the recommendation.\n\n\n\n\n                                                                                                                                    55\n\x0cTable II: Audit Reports Issued by Subject Area\n                      Audit Report                                   Questioned Costs      Funds Put to\n Number and Date                        Title                      Total     Unsupported    Better Use\n Supervision\n AUD-08-011              DSC\xe2\x80\x99s Examination Assessment\n July 7, 2008            of Interest Rate Risk\n AUD-08-012              FDIC\xe2\x80\x99s Examination of Liquidity\n July 30 , 2008          Risk\n AUD-08-014              FDIC\xe2\x80\x99s Controls Over the CAMELS\n August 12, 2008         Rating Review Process\n Receivership Management\n AUD-08-015              Protection of Resolution and\n September 2, 2008       Receivership Data Managed\n                         or Maintained by an FDIC\n                         Contractor\n AUD-08-018              FDIC\xe2\x80\x99s Receivership Service\n September 23, 2008      Billing Process\n Resources Management\n AUD-08-010              Controls Over Background\n July 2, 2008            Checks of Child Care Provider\n                         Personnel\n AUD-08-013              Controls for Protecting the\n August 12, 2008         Confidentiality of Sensitive Email\n                         Communications\n AUD-08-016              Controls Over Contractor\n September 17, 2008      Payments for Relocation Services\n AUD-08-017              FDIC\xe2\x80\x99s Controls Over Contractor\n September 22, 2008      Invoice Approval, Payment, and\n                         Posting to the General Ledger\n AUD-08-019              Reliability of Supervisory Infor-\n September 25, 2008      mation Accessed Through the\n                         Virtual Supervisory Information\n                         on the Net (ViSION) System\n AUD-08-020              Independent Evaluation of the\n September 26, 2008      FDIC\xe2\x80\x99s Information Security\n                         Program - 2008\n Totals for the Period                                        $0           $0              $0\n\n\n\n\n56\n\x0cTable III: Evaluation Reports and Memoranda Issued\n        Evaluation Reports and Memoranda                                Questioned Costs           Funds Put\n                                                                                                    to Better\n  Number and Date                         Title                      Total        Unsupported          Use\nEVAL-08-005               Energy Efficiency of the\nSeptember 24, 2008        FDIC\xe2\x80\x99s Virginia Square Facility\n                          and Information Technology\n                          Data Center\nEM-08-003                 Opportunities for Indepen-\nJune 18, 2008             dent Review of Information\n                          Technology Projects\nEM-08-004                 Contingency Planning for\nAugust 1, 2008            Large-Scale Resolution\n                          Activity\nN/A                       Memorandum: High-Level\nSeptember 23, 2008        Controls Review at IndyMac\n                          Federal Bank, FSB Conserva-\n                          torship\nTotals for the Period                                       $0                  $0                $0\n\nTable IV: Audit Reports Issued with Questioned Costs\n                                                                                     Questioned Costs\n                                                  Number\n                                                                                 Total          Unsupported\nA. For which no management decision has been                     0                   0                  0\n\t made by the commencement of the reporting\n\t period.\nB. Which were issued during the reporting period.                0                   0                  0\nSubtotals of A & B                                               0                   0                  0\nC. For which a management decision was made                      0                   0                  0\n\t during the reporting period.\n\t (i) dollar value of disallowed costs.                          0                   0                  0\n\t (ii) dollar value of costs not disallowed.                     0                   0                  0\nD. For which no management decision has been                     0                   0                  0\n\t made by the end of the reporting period.\n\t Reports for which no management decision                       0                   0                  0\n\t was made within 6 months of issuance.\n\n\n\n\n                                                                                                                57\n\x0cTable V: Audit Reports Issued with Recommendations for Better Use of Funds\n                                                                                Number         Dollar Value\n A. For which no management decision has been made by the                          0                 0\n \t commencement of the reporting period.\n B. Which were issued during the reporting period.                                 0                 0\n Subtotals of A & B                                                                0                0\n C. For which a management decision was made during the reporting                  0                 0\n \t period.\n \t (i) dollar value of recommendations that were agreed to by                      0                 0\n \t\t management.\n \t\t- based on proposed management action.                                          0                 0\n \t\t - based on proposed legislative action.                                        0                 0\n \t (ii) dollar value of recommendations that were not agreed to by                 0                 0\n \t\t management.\n D. For which no management decision has been made by the end of the               0                 0\n \t reporting period.\n \t Reports for which no management decision was made within 6 months               0                 0\n \t of issuance.\n\nTable VI: Status of OIG Recommendations Without Management Decisions\nDuring this reporting period, there were no recommendations more than 6 months old without management\ndecisions.\n\nTable VII: Significant Revised Management Decisions\nDuring this reporting period, there were no significant revised management decisions.\n\nTable VIII: Significant Management Decisions with Which the OIG Disagreed\nDuring this reporting period, there were no significant management decisions with which the OIG disagreed.\n\nTable IX: Instances Where Information Was Refused\nDuring this reporting period, there were no instances where information was refused.\n\n\n\n\n58\n\x0c                                        Congratulations and\n                                        Farewell\n                                        \t\n                                        \t\n                                        \t President\xe2\x80\x99s Council on Integrity and\n                                        \t        Efficiency Awards\n                                        Three OIG teams, representing the Office of Audits, Office of Investigations, and Office of\n                                        Evaluations, received PCIE Awards for Excellence at the PCIE Annual Awards Ceremony on\n                                        October 21, 2008.\n\n\nAward for Excellence: Audit                              Award for Excellence:\nIn recognition of excellence in auditing                 Investigation\nthe FDIC\xe2\x80\x99s controls over a $357 million                  In recognition of outstanding efforts in the\ninfrastructure services contract                         investigation of the failure of the Oakwood\nDuane H. Rosenberg, Senior                               Deposit Bank Company, Oakwood, Ohio\nAudit Specialist                                         Brian D. Fearn, Special Agent, IRS CID, Cleveland\nJill Benham, Auditor                                     Field Office\nJudith H. Hoyle, Information Technology                  Jason E. Tarnowski, Chief Enforcement Examiner,\nAuditor-in-Charge                                        Federal Reserve Bank, Cleveland\nLien K. Nguyen, Information Technology                   Jeffrey M. Paul, Special Agent, IRS CID, Cleveland\nSpecialist                                               Field Office\nMark F. Mulholland, Deputy AIG for Audits                Jennifer R. Taylor, U.S. Department of Justice Trial\n                                                         Attorney, Criminal Division, Washington, D.C.\nRhoda L. Allen, Audit Specialist\n                                                         John T. Crawford, Special Agent, FDIC\nRhonda Bunte, Audit Specialist                           OIG Investigations--Eastern Region\n                                                         Thomas J. Bailey, Special Agent,\n                                                         FBI, Cleveland Division\n                                                         Thomas A. Karol, Assistant United\n                                                         States Attorney, Northern District\n                                                         of Ohio, Western Division\n                                                         William E. Day, III, Assistant United\n                                                         States Attorney, District of South\n                                                         Carolina, Florence Division\n                                                         This investigation involved the coor-      Matt Alessandrino, John Crawford, IG Jon\nMark Mulholland, Duane Rosenberg, Rhoda Allen,\n                                                         dination of multiple federal agencies Rymer, and Jason Tarnowski\nRhonda Bunte, IG Jon Rymer, Judith Hoyle, Lien\nNguyen, Rus Rau (not pictured, Jill Benham)              investigating three related multi-million\n                                                         dollar frauds with plea and trial prosecutions\nThe audit team employed a number of                      of five subjects in the Northern District of Ohio\ninnovative audit techniques to identify key              and the District of South Carolina. Ultimately\nareas of risk in an interagency IT infrastruc-           the five subjects were sentenced to a total of\nture services contract, defined and assessed             over 40 years in prison and ordered restitution\nthe contract\xe2\x80\x99s governance structure and                  in the amount of over $106 million. The group\xe2\x80\x99s\nkey controls, engaged other Federal                      relentless dedication and teamwork in pursuing\nauditors to examine selected invoices                    this matter resulted in bringing justice to those\nsubmitted by the main contractor and                     responsible for the failure of Oakwood Deposit\ntwo of its subcontractors that significantly             Bank Company, a 99-year-old bank, and added\nenhanced audit efficiency, and employed                  strength to the nation\xe2\x80\x99s banking system through\na very effective reporting format for                    the improvement of the examination process.\npresentation to the FDIC\xe2\x80\x99s Chairman, Audit\nCommittee, and Chief Information Officer.                                                                                                      59\n\x0cEdward M. Gentry, Robert L. Wellons, IG Jon Rymer, Steve\nBeard, and Margaret Wolf\n\nAward for Excellence:                           Retirements\nEvaluation                                      The OIG congratulates two former members of the office who retired after distinguished\nIn recognition of excellence in                 federal careers.\nevaluating a critical FDIC insurance            Sara Gibson retired after nearly 30 years       Theresa Fewell retired after more than 25\ndetermination system                            of federal service. Her                         years of federal service. She\nEdward M. Gentry, Deputy                        career began in 1977                            began her career at the\nAIG for Evaluations                             at the Department of                            Department of Agriculture\n                                                the Treasury, where she                         OIG in 1983 and moved\nMargaret B. Wolf, Auditor-in-\n                                                held temporary student                          on to the FDIC OIG in May\nCharge, Office of Evaluations\n                                                appointments with                               1990, where she served\nRobert L. Wellons, Audit                        the Bureau of the Mint,                         in Counsel\xe2\x80\x99s Office for\nSpecialist, Office of Audits                    served in various admin-                        18 years until her retire-\nThe team\xe2\x80\x99s work had a strong and                istrative positions at                          ment. Theresa provided\nimmediate impact on the Claims                  the Office of the Comp-                         invaluable administrative\nAdministration System project\xe2\x80\x99s                 troller of the Currency, and later became an    support to FDIC OIG Counsel throughout\ndevelopment. In response to the                 inspector in the Department of the Trea-        her tenure. She was instrumental in main-\nteam\xe2\x80\x99s report, the FDIC made                    sury\xe2\x80\x99s OIG. She then spent nearly 4 years       taining Counsel\xe2\x80\x99s records, establishing\nchanges to the leadership and                   at the General Accounting Office (now           Counsel\xe2\x80\x99s subpoena system, and devel-\ncomposition of the project team,                the Government Accountability Office) as        oping its Workflow system. She also served\nrefocused the project on critical               a criminal investigator and transferred to      as timekeeper for a number of component\nfunctionality needed for insurance              the Resolution Trust Corporation (RTC) in       offices in the OIG. When the IG or Deputy IG\ndeterminations, and re-evaluated                September 1990 as a senior criminal inves-      needed additional administrative support,\nan in-house model under consid-                 tigator. At the RTC\xe2\x80\x99s sunset, Sara was reas-    Theresa stepped up to help. She also\neration. As a result of these                   signed to the FDIC OIG as a senior criminal     coordinated with individuals throughout\ncorrective actions, the FDIC has                investigator. She later served as the FDIC\xe2\x80\x99s    the Corporation on behalf of the OIG on\nput in place a contingency model                Deputy Assistant Inspector General for          countless administrative matters and\nand processes that will enable                  Investigations and was Assistant Inspector      willingly volunteered to assist with office\nthe Corporation to accomplish                   General for Investigations at the time of her   projects and activities such as the semian-\nlarge or multiple bank insurance                retirement.                                     nual report distribution, diversity events,\ndeterminations that otherwise                                                                   the Combined Federal Campaign, and\n                                                Sara was instrumental in building and culti-\nmay not have been possible.                                                                     office-wide meetings and conferences.\n                                                vating positive and constructive working\nThis capability, established in                 relationships with FDIC senior manage-\nlarge part because of the excel-                ment, her FDIC OIG colleagues, others in\nlent work done by the evaluation                the IG community, and fellow law enforce-\nteam, is crucial in light of the                ment professionals. Largely as a result\nturmoil in the current economic                 of Sara\xe2\x80\x99s tireless efforts and outstanding\nenvironment and the volatile                    leadership, the FDIC OIG is now a preemi-\nstate of the banking industry.                  nent law enforcement organization and\n                                                a leader in combating financial institu-\n                                                tion fraud and other criminal activity.\n60                                                                                                                              60\n\x0c\x0c\x0c'